shellshock-scanner-chrome

A revised google shellshock google dorker that uses the chrome/chromium webdriver

Obviously change the chromedriver path to the path with your binary (line 55)

shellshock-scanner-chrome

Search Google and concurrently test each result for vulnerability to CVE-2014-6271: remote code execute bug in bash otherwise known as Shellshock.

Credits in the source (line 24)

Installation

Requires Python 2.7

pip install --user selenium gevent
git clone https://github.com/capisano/shellshock-scanner-chrome/
cd shellshock-scanner-chrome/

Example

python ShellShock_Bot.py -s "inurl:cgi-bin filetype:sh" -p 2

Open up Chrome/Chromium, it will search for the dork "inurl:cgi-bin filetype:sh", and visit the first two pages of results where one page = 100 results. Then it will test each result URL for Shellshock vulnerability. -p option will default to 1 page if not given.

Output will look like:

[!] SHELLSHOCK VULNERABLE: http://domain.com/cgi-bin/script.sh

Google Dorks

inurl:"server-status" intitle:apache "cgi-bin"
sitemap.xml filetype:xml intext:"cgi-bin"
filetype:sh inurl:cgi-bin
inurl:cgi-bin "GATEWAY_INTERFACE = CGI"
inurl:cgi-bin inurl:printenv intext:SERVER_ADDR

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
LICENSE		LICENSE
README.md		README.md
ShellShock_Bot.py		ShellShock_Bot.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

shellshock-scanner-chrome

shellshock-scanner-chrome

Installation

Example

Google Dorks

About

Releases

Packages

Languages

License

capisano/shellshock-scanner-chrome

Folders and files

Latest commit

History

Repository files navigation

shellshock-scanner-chrome

shellshock-scanner-chrome

Installation

Example

Google Dorks

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages