xShock ShellShock (CVE-2014-6271)
This tool exploits shellshock.
Instagram: TMRSWRR
Click on the image...
All founded directories will be saved in vulnurl.txt file. The results of the executed commands are saved in response.txt.
This tool include:
- CGI VULNERABILITY
- DIRECTORY SCAN
- RUN COMMAND WITH FOUNDED CGI
- SHOW VULNERABLE URLS
- UPDATE PROXY
git clone https://github.com/capture0x/xShock/
cd xShock
pip3 install -r requirements.txt
python3 main.py
Checks cgi-bin directory on the target site
e.g:
http://targetsite.com
This works with wordlists. Scans url on the target site. Important notice: Please enter full path of wordlist after the url.(Not file. It should be directory)
e.g: http:// targetsite.com/cgi-bin/selectedworlist
e.g:
http://targetsite.com/cgi-bin
/usr/share/wordlists/dirb --> This is directory of wordlist. Not file!
By entering the url in the vuln.txt file, you can try running commands in the found urls.
http://targetsite.com/cgi-bin/status
Shows founded urls in vuln.txt file.
You can update proxies from web manually.
--
For bug reports or enhancements, please open an issue here.
Copyright 2020