Auditing Tool Shell Vulnerability Scanner

Shocker – A tool to find and exploit servers vulnerable to Shellshock

Shocker is a tool to find and exploit servers vulnerable to Shellshock

Released as open source by NCC Group Plc – https://www.nccgroup.trust/

Developed By: Tom Watson, tom [dot] watson [at] nccgroup [dot] trust
https://github.com/nccgroup/shocker

Help Text
usage:

Usage Examples

Scans for http://127.0.0.1/cgi-bin/test.cgi and, if found, attempts to cat /etc/passwd

Scan www.example.com on port 8001 using SSL for all scripts in cgi_list and attempts the default exploit for any found

Scans all hosts listed in the file ./hostlist with the default options

Dependencies
Python 2.7+

Todo:

  • Identify and respond correctly to HTTP/200 response – false positives – Low priority/hassle
  • Implement curses for *nix systems – For the whole application or only psuedo terminal? – Low priority/prettiness.
  • Thread the initial host check now that multiple targets are supported (and could be make this bit time consuming)
  • Change verbose to integer value – quiet, normal, verbose, debug?
  • Add option to skip initial host checks for the sake of speed?
  • Add a summary of results before exiting
  • Save results to a file? Format?
  • Eventually the idea is to include multiple possible vectors but currently only one is checked.
  • Add Windows and *nix colour support – Low priority/prettiness
  • Add a timeout in interactive mode for commands which don’t return, e.g. /bin/cat /dev/zero
  • Prettify – Low priority/pretinness (obviously)
  • Add support for scanning and explointing SSH and SMTP https://isc.sans.edu/diary/Shellshock+via+SMTP/18879
  • Add SOCKS proxy support, potentially using https://github.com/rpicard/socksonsocks/ from Rober Picard
  • Other stuff. Probably.

 

Download Shocker at Github

I started blogging around 2011 at #Ubuntupirates, #ProjectX and #pir8geek, I’m currently working as Network/Linux SysAdmin.

I’m a Linux,opensource advocate and interested in network security and InfoSec.

Leave a Reply