Last active
August 29, 2015 14:06
-
-
Save andresriancho/4ef11d75c1f517c24f94 to your computer and use it in GitHub Desktop.
w3af can now find shell shock vulnerabilities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| w3af>>> plugins | |
| w3af/plugins>>> audit shell_shock | |
| w3af/plugins>>> back | |
| w3af>>> target | |
| w3af/config:target>>> set target http://.../test-env.cgi | |
| w3af/config:target>>> back | |
| The configuration has been saved. | |
| w3af>>> start | |
| Shell shock was found at: "http://.../test-env.cgi", using HTTP method GET. | |
| The modified header was: "User-Agent" and it's value was: "() { test; }; ping -c 3 localhost". | |
| This vulnerability was found in the requests with ids 36, 40, 44, 48 and 52. | |
| Scan finished in 56 seconds. | |
| Stopping the core... | |
| w3af>>> exit | |
| w3af>>> | |
| Liked it? Contribute with some lines of code! |
If you want to run the shell_shock plugin against all URLs in your site (recommended) here's the script to do it. Create a file called shell_shock.w3af in w3af's root, copy+paste this:
plugins
crawl web_spider
audit shell_shock
back
target
set target http://.../
back
start
Set the target to your web application and then:
$ ./w3af_console -s shell-shock.w3af
Is there a way to feed in a list of targets instead of a single line entry?
how do you install the shell_shock into the plugins?
there is no "shell_shock" plugin. the code is in the os_commanding plugin
(x@box:~/w3af)$ ./w3af_console
w3af>>> plugins
w3af/plugins>>> audit shell_shock
Unknown plugin: 'shell_shock'
w3af/plugins>>>
the initial commits were made to os_commanding from what i can see
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Try it yourself!
git clone https://github.com/andresriancho/w3af.git cd w3af git checkout develop ./w3af_consoleAnd then run the commands you see above. The source code is available here, pull requests with improvements and different detection techniques are welcome!