

Shellshock Test - lukashed
http://shellshocktest.com/

======
bradleyland
I've run a couple of these "testers" against servers I know are vulnerable by
verifying at a shell prompt, and they they all report "safe" (with hedging
language, of course).

Why is that? I don't mean to come across being entitled to any sort of free
tester, but is it responsible to publish tools that definitely report "safe"
when the underlying systems are not?

------
lotsofcows
Nice.

Odd delay between getting the "probably safe" message and seeing it appear in
my tcpdump.

------
RamunasM
Getting: 502 Bad Gateway It looks like it's down already

~~~
lukashed
Whoops, blame it on me for some missing basic error handling. It's fixed now,
sorry for that.

