SHARE
TWEET

ShellShock Vulnerablity Scanner [ Python ]

tanmay606 May 5th, 2015 (edited) 560 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. """
  2. C0der : Tanmay [ 13lackD3m0n ]
  3. Facebook : tanmay606
  4. Email : kevinmetnik606@gmail.com
  5. Script : ShellShock Vulnerablity Checking Script.
  6.  
  7. [+] If you want to use this script on remote server, first upload it and then open it. [/+]
  8.  
  9. """
  10. import os,sys,time
  11. try:
  12.  from colorama import Fore,Back
  13. except ImportError:
  14.  print "\n[ERROR]"
  15.  print "\t[1] You need colorama module to run this script. [ install it first ]"
  16.  print "\t[2] This script will not work in WIN. [ only for linux,unix,mac based ]";
  17.  sys.exit(1);
  18. exploit_cmd = "echo vulnerable"; #!execute if server is affected.
  19. sleep_time = int('2'); #!time to sleep.
  20. real_cmd = "echo complete successfull."; #! execute in both cases.
  21.  
  22. def _banner_():
  23.  print (Fore.GREEN+"\t- > ShellShock Vulnerablity Scanner Script."+Fore.RESET);
  24.  print (Fore.GREEN+"\t- > Author : Tanmay [ 13lackD3Mon ]"+Fore.RESET);
  25.  print "\n";
  26.  sys.stdout.write("\t[#] Checking SYSTEM/OS for ShellShock Vulnerablity . . . . . .\n\n\r");
  27.  sys.stdout.flush();
  28.  time.sleep(sleep_time);
  29.  
  30. _banner_();
  31.  
  32. def _vul_():
  33.  print (Back.RED + "\t[WARNING] Your SERVER/OS is affected with ShellShock Vulnerablity.\a" + Back.RESET)
  34.  print (Back.GREEN + "\t [FIX] immediately update BASH.".upper() + Back.RESET)
  35.  
  36. def _notvul_():
  37.  print "[SUCCESS] Your SYSTEM in properly pathed from shellshock vulnerablity.\a";
  38.  
  39. def _check_(exploit_cmd):
  40.  for cmd in os.popen("env val='() { :; }; %s' bash -c '%s'"%(exploit_cmd,real_cmd)):
  41.   if("vulnerable" in cmd): #!if vul. code found in result which means OS/SERVER execute crafted command and vulnerable to shellshock
  42.    _vul_();
  43.    sys.exit(1);
  44.   else: #! if not execute crafted command which means system is pathed from shellshock.
  45.    _notvul_();
  46.    sys.exit(1);
  47.  
  48. _check_(exploit_cmd); #!Trigger hook.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top