XSHOCK : Tool To Exploits ShellShock

XSHOCK Shellshock Exploit. All founded directories will be saved in vulnurl.txt file. The results of the executed commands are saved in response.txt.

Features

This tool include:

• CGI VULNERABILITY
• DIRECTORY SCAN
• RUN COMMAND WITH FOUNDED CGI
• SHOW VULNERABLE URLS
• UPDATE PROXY

Installation

git clone https://github.com/capture0x/xShock/
cd xShock
pip3 install -r requirements.txt

Also Read – Token Reverser : Word List Generator To Crack Security Tokens

Usage

python3 main.py

CGI VULNERABILITY

Checks cgi-bin directory on the target site

• e.g:http://targetsite.com

DIRECTORY SCAN

This works with wordlists. Scans url on the target site. Important notice: Please enter full path of wordlist after the url.(Not file. It should be directory)

• e.g: http:// targetsite.com/cgi-bin/selectedworlist
• e.g: http://targetsite.com/cgi-bin /usr/share/wordlists/dirb –> This is directory of wordlist. Not file!

RUN COMMAND WITH FOUNDED CGI

By entering the url in the vuln.txt file, you can try running commands in the found urls.

http://targetsite.com/cgi-bin/status

SHOW VULNERABLE URLS

Shows founded urls in vuln.txt file.

UPDATE PROXY

You can update proxies from web manually.

How to use?

Screenshots