Shocker

A tool to find and exploit servers vulnerable to Shellshock

Released as open source by NCC Group Plc - http://www.nccgroup.com/

Developed By:

  • Tom Watson, tom [dot] watson [at] nccgroup [dot] com

https://github.com/nccgroup/shocker

Released under AGPL; see LICENSE for more information

Help Text

usage: shocker.py

-h, --help show this help message and exit

--Host HOST, -H HOST A target hostname or IP address

--file FILE, -f FILE File containing a list of targets

--port PORT, -p PORT The target port number (default=80)

--exploit EXPLOIT, -e EXPLOIT Command to execute (default=/bin/uname -a)

--cgi CGI, -c CGI Single CGI to check (e.g. /cgi-bin/test.cgi)

--proxy PROXY A BIT BROKEN RIGHT NOW Proxy to be used in the form 'ip:port'

--ssl, -s Use SSL (default=False)

--threads THREADS, -t THREADS Maximum number of threads (default=10, max=100)

--verbose, -v Be verbose in output

Usage Examples

./shocker.py -H 127.0.0.1 -e "/bin/cat /etc/passwd" -c /cgi-bin/test.cgi

Scans for http://127.0.0.1/cgi-bin/test.cgi and, if found, attempts to cat /etc/passwd

./shocker.py -H www.example.com -p 8001 -s

Scans www.example.com on port 8001 using SSL for all scripts in cgi_list and attempts the default exploit for any found

./shocker.py -f ./hostlist

Scans all hosts listed in the file ./hostlist with the default options
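
A defender-side view of the scans described above, as an added example that is not part of Shocker or its README: it flags requests in a combined-format access log whose Referer or User-Agent contains a bash function-definition prefix and groups them by client. The log lines, the scan threshold and the assumption that the payload arrives in a logged header are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip - user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# Start of a bash function definition inside a header value: "()" followed by "{".
FUNC_DEF_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE_LOG = r'''
203.0.113.7 - - [10/Dec/2014:10:00:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 120 "-" "() { :; }; /bin/uname -a"
203.0.113.7 - - [10/Dec/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 404 210 "-" "() { :; }; /bin/uname -a"
203.0.113.7 - - [10/Dec/2014:10:00:02 +0000] "GET /cgi-bin/index.cgi HTTP/1.1" 404 210 "() { :; }; /bin/uname -a" "-"
198.51.100.23 - - [10/Dec/2014:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Dec/2014:10:00:09 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 98 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''.strip().splitlines()


def find_shellshock_probes(lines):
    """Return {client_ip: {"paths": set, "served_200": set}} for flagged requests."""
    hits = defaultdict(lambda: {"paths": set(), "served_200": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess at fields
        if not any(FUNC_DEF_RE.search(m[f]) for f in ("referer", "agent")):
            continue
        entry = hits[m["ip"]]
        entry["paths"].add(m["path"])
        # The change log says only HTTP 200 counts as a success for the tool,
        # so triage these paths first. 200 means the path exists, not that
        # the host is vulnerable.
        if m["status"] == "200":
            entry["served_200"].add(m["path"])
    return dict(hits)


def summarize(hits, scan_threshold=3):
    """Label each source as a multi-path scan or a single targeted probe."""
    return {ip: ("scan" if len(h["paths"]) >= scan_threshold else "probe",
                 sorted(h["served_200"])) for ip, h in hits.items()}


if __name__ == "__main__":
    for ip, (kind, served) in summarize(find_shellshock_probes(SAMPLE_LOG)).items():
        print(f"{ip}: {kind}; returned 200 for {served or 'no paths'}")
```

Headers other than Referer and User-Agent are not written to a combined-format log, so a clean result here does not rule out probes carried in other headers.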

Dependencies

Python 2.7+

Change Log

Changes in version 0.72 (December 2014)

  • Minor corrections to logic and typos

Changes in version 0.71 (December 2014)

  • Added timeout to urllib2.urlopen requests using a global 'TIMEOUT'

Changes in version 0.7 (November 2014)

  • Add interactive 'pseudo console' for further exploitation of a chosen vulnerable server
  • Attempted to clean up output buffering issues by wrapping sys.stdout in a class which flushes on every call to write
  • Added a progress indicator for use in time-consuming tasks to reassure non-verbose users

Changes in version 0.6 (October 2014)

  • Preventing return codes other than 200 from being considered successes
  • Added ability to specify multiple targets in a file
  • Moved the 'cgi_list' list of scripts to attempt to exploit to a file
  • Fixed some output formatting issues
  • Fixed valid hostname/IP regex to allow single word hostnames

Changes in version 0.5 (October 2014)

  • Added ability to specify a single script to target rather than using cgi_list
  • Introduced a timeout on socket operations for host_check
  • Added some usage examples in the script header
  • Added an epilogue to the help text indicating presence of examples

Changes in version 0.4 (October 2014)

  • Introduced a thread count limit defaulting to 10
  • Removed colour support until I can figure out how to make it work in Windows and *nix equally well
  • Spelling corrections
  • More comprehensive cgi_list
  • Removes success_flag from output

Pre 0.4 (October 2014)

  • No idea

TODO

  • Identify and respond correctly to HTTP/200 response - false positives - Low priority/hassle
  • Implement curses for *nix systems - For the whole application or only pseudo terminal? - Low priority/prettiness
  • Thread the initial host check now that multiple targets are supported (and could make this bit time consuming)
  • Change verbose to integer value - quiet, normal, verbose, debug?
  • Add option to skip initial host checks for the sake of speed?
  • Add a summary of results before exiting
  • Save results to a file? Format?
  • Eventually the idea is to include multiple possible vectors but currently only one is checked.
  • Add Windows and *nix colour support - Low priority/prettiness
  • Add a timeout in interactive mode for commands which don't return, e.g. /bin/cat /dev/zero
  • Prettify - Low priority/prettiness (obviously)
  • Add support for scanning and exploiting SSH and SMTP? https://isc.sans.edu/diary/Shellshock+via+SMTP/18879
  • Add SOCKS proxy support, potentially using https://github.com/rpicard/socksonsocks/ from Robert Picard
  • Other stuff. Probably.

Thanks to...

Anthony Caulfield @ NCC for time and effort reviewing early versions
