cheetz / icmpshock
A scanning tool for the ShellShock bash vulnerability
--------------------------------------------------------------------------
ICMPShock | A scanning tool for the ShellShock bash vulnerability.

Written by Peter Kim
<Author, The Hacker Playbook>
<CEO, Secure Planet LLC>
--------------------------------------------------------------------------

< About >

ICMPShock is a tool designed to determine whether a target web server contains CGI scripts that could provide an attack vector for exploitation of the "ShellShock" bash vulnerability. It does this by injecting crafted environment variables into various fields of a POST request to one or more target web servers defined in a file. The value of these environment variables is a "ping" command to the listening IP address the user specifies. By using a tool such as tcpdump to listen for ICMP requests, the user can determine whether a target server is vulnerable by observing whether an ICMP request was sent from the target to the listening machine the user specifies. If the user receives an ICMP packet from the target, they can assume that the current version of the bash interpreter installed on the target is vulnerable.

< Usage >

Before running this script, start a tool such as tcpdump so that results from the target can be seen. For example:

    sudo tcpdump -nni eth0 -e 'icmp[icmptype] == 8'

Once this is running, the user is ready to use ICMPShock. The command format is:

    python icmpshock.py <listening IP> <targets_file>

The user will be prompted to start the scanner, and the value of the listening IP and number of threads will be reflected in STDOUT before the script is executed.

The targets file holds the target addresses, one line per target address:

    ============
    target1
    target2
    target3
    ...snip...
    ============

The file "Updated_list_Cgi_files.txt" holds the paths to CGI scripts that are appended to the address of the web server. These values are from RAFT and detectify.com, but a different file can be used if specified in the code of the script (just uncomment the line #cgi_file = sys.argv[3], and uncomment the "for" loop at the bottom of the script that uses "cgi_file" instead of "Updated_list_Cgi_files.txt"). If using sys.argv[3], the command would look like:

    python icmpshock.py <listening IP> <targets_file> <cgi_path_file>

An example:

    python icmpshock.py 127.0.0.1 target_list.txt cgi_test_paths.txt
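
The defender's view of the scan described above, as an added example that is not part of ICMPShock or its author's code: it searches web server access logs for header values that begin with the bash function-definition prefix and separates probes that reached an existing path from those that got a 404. The log lines, addresses and CGI paths are constructed, and the Combined Log Format layout is an assumption about the server's logging.

```python
import re

# Bash imports an environment variable as a function only when its value
# begins with "() {", so that prefix is what the injected fields carry.
FUNC_DEF = re.compile(r"\s*\(\)\s*\{")
# Commands commonly used as a callback; "ping" is the one this README describes.
CALLBACK = re.compile(r"\b(ping|nc|wget|curl)\b")
# Combined Log Format: src ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Constructed sample lines (documentation addresses, hypothetical CGI paths).
SAMPLE_LOG = r'''
198.51.100.7 - - [01/Oct/2014:10:00:01 +0000] "POST /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; ping -c 1 192.0.2.10"
198.51.100.7 - - [01/Oct/2014:10:00:02 +0000] "POST /cgi-bin/test.cgi HTTP/1.1" 404 209 "() { :;}; ping -c 1 192.0.2.10" "Mozilla/5.0"
203.0.113.5 - - [01/Oct/2014:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [01/Oct/2014:10:00:04 +0000] "GET /app.js HTTP/1.1" 200 300 "-" "function() { return 1 }"
'''

def find_shellshock_probes(log_text):
    """Return one finding per logged header value that starts with '() {'."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or not in Combined Log Format
        for field in ("referer", "agent"):
            if FUNC_DEF.match(m.group(field)):
                cb = CALLBACK.search(m.group(field))
                findings.append({
                    "src": m.group("src"),
                    "path": m.group("path"),
                    "status": int(m.group("status")),
                    "field": field,
                    "command": cb.group(1) if cb else None,
                })
    return findings

def to_triage(findings):
    """Probes that did not get a 404: the path exists, so a CGI handler may have run."""
    return [f for f in findings if f["status"] != 404]

if __name__ == "__main__":
    for f in to_triage(find_shellshock_probes(SAMPLE_LOG)):
        print(f)
```

Combined Log Format records only the Referer and User-Agent headers, so values injected into other request fields need a log format or network sensor that captures them.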
The script executes but I get the following error:

Exception in thread Thread-79:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "./icmpshock.py", line 56, in doWork
    status, url = getStatus(url)
ValueError: too many values to unpack

Exception in thread Thread-52:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "./icmpshock.py", line 56, in doWork
    status, url = getStatus(url)
ValueError: too many values to unpack

Had to edit the script from nc to nc.traditional for the exploit to work properly on OWASPBWA 1.1.1. Seems like a minor issue but I figured some readers might struggle without really understanding why.