โก xShock ShellShock โก
January 27, 2021 ยท View on GitHub
Written by TMRSWRR
Version 1.0.0
xShock ShellShock (CVE-2014-6271)
This tool exploits shellshock.
Instagram: TMRSWRR
๐ผ๏ธ Screenshots ๐ผ๏ธ
๐น How to use ๐น
Click on the image...
๐ Read Me ๐
All founded directories will be saved in vulnurl.txt file. The results of the executed commands are saved in response.txt.
๐งฐ Features ๐งฐ
This tool include:
- CGI VULNERABILITY
- DIRECTORY SCAN
- RUN COMMAND WITH FOUNDED CGI
- SHOW VULNERABLE URLS
- UPDATE PROXY
๐ Installation ๐
Installation with requirements.txt
git clone https://github.com/capture0x/xShock/
cd xShock
pip3 install -r requirements.txt
Usage
python3 main.py
CGI VULNERABILITY
Checks cgi-bin directory on the target site
e.g:
http://targetsite.com
DIRECTORY SCAN
This works with wordlists. Scans url on the target site. Important notice: Please enter full path of wordlist after the url.(Not file. It should be directory)
e.g: http:// targetsite.com/cgi-bin/selectedworlist
e.g:
http://targetsite.com/cgi-bin
/usr/share/wordlists/dirb --> This is directory of wordlist. Not file!
RUN COMMAND WITH FOUNDED CGI
By entering the url in the vuln.txt file, you can try running commands in the found urls.
http://targetsite.com/cgi-bin/status
SHOW VULNERABLE URLS
Shows founded urls in vuln.txt file.
UPDATE PROXY
You can update proxies from web manually.
Known Issues
--
Bugs and enhancements
For bug reports or enhancements, please open an issue here.
Copyright 2020