Shellshock Enhancements

The Websecurify Shellshock Scanner was one of the very first tools to detect CVE-2014-6271 and CVE-2014-7169 (and many others). We published this automated scanner, free of charge because we had a moral responsibility towards everyone at a moment of crisis. Today, we want to let you know that not only the Shellshock Scanner is alive and well but also that it has been enhanced to discover the bash bug even deeper into the target application structure.

shellshock screenshot

You may be wondering what is so different about our scanner. Why is it any better than the tools provided by other vendors? We have prepared a small FAQ for you that answers these types of questions.

How Does It Work?

The Websecurify Shellshock Scanner employs 3 types of generic shellshock tests. These tests are executed at every step during the application discovery and enumeration stages using our spidering and recon technologies. In addition to that we check for a large list of well-known CGI files and folders. All of this boils down to a very thorough detection engine capable of discovering the bug very deep into the application structure.

Most, if not all, shellshock scanners out there will only check for common CGI files and folders completely missing out opportunities elsewhere. We cannot allow to not be able to detect a critical vulnerability, such as Shellshock, and this is why we take so many steps in addition to the basic checks.

What Can I Test?

All public Shellshock scanners, except the Websecurify Shellshock Scanner, will not be able to discover Shellshock on none-public networks. In other words, those scanners only are able to test for stuff that are available publicly.

The Websecurify Shellshock Scanner employs our client-side security testing technology directly from your own web browser. This means that you can effectively use the scanner to discover vulnerabilities in anything that your browser can reach, including local virtual machines, docker containers, local network services, services in different firewall zones, stuff behind bastion hosts, VPN and more.

This is only possible because our client-side technology. You can read more about it in our online series Websecurify Vs. The World.

Is Shellshock Dead Already?

Although there is a huge effort to patch all vulnerable bash instances it is important to note that this bug is so wide-spread that you can never be 100% sure. Using the Websecurify Shellshock Scanner is the only way to ensure that you are not vulnerable in a fully automated, black-box fashion. There is simply no other tool out here that will provide the same level of coverage for free and with the ease of use as our scanning and testing technology.