w3af can now find shell shock vulnerabilities
w3af>>> plugins | |
w3af/plugins>>> audit shell_shock | |
w3af/plugins>>> back | |
w3af>>> target | |
w3af/config:target>>> set target http://.../test-env.cgi | |
w3af/config:target>>> back | |
The configuration has been saved. | |
w3af>>> start | |
Shell shock was found at: "http://.../test-env.cgi", using HTTP method GET. | |
The modified header was: "User-Agent" and it's value was: "() { test; }; ping -c 3 localhost". | |
This vulnerability was found in the requests with ids 36, 40, 44, 48 and 52. | |
Scan finished in 56 seconds. | |
Stopping the core... | |
w3af>>> exit | |
w3af>>> | |
Liked it? Contribute with some lines of code! |
This comment has been minimized.
This comment has been minimized.
If you want to run the
Set the target to your web application and then: $ ./w3af_console -s shell-shock.w3af |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Is there a way to feed in a list of targets instead of a single line entry? |
This comment has been minimized.
This comment has been minimized.
how do you install the shell_shock into the plugins? |
This comment has been minimized.
This comment has been minimized.
there is no "shell_shock" plugin. the code is in the os_commanding plugin (x@box:~/w3af)$ ./w3af_console the initial commits were made to os_commanding from what i can see |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Try it yourself!
git clone https://github.com/andresriancho/w3af.git cd w3af git checkout develop ./w3af_console
And then run the commands you see above. The source code is available here, pull requests with improvements and different detection techniques are welcome!