In the following video you can see how easy it is to detect the presence of Shellshock (a.k.a bash bug, CVE-2014-6271, CVE-2014-7169) with our free online scanner, conveniently called Shellshock. Unlike other similar tools, the Websecurify Shellshock Scanner is client-side only, meaning that you can even use it to discover bugs in localhost and apps behind the corporate firewall. It is the best tool for the job.
<iframe width="100%" height="420" src="//www.youtube.com/embed/N48t-_a8xFA?rel=0" frameborder="0" allowfullscreen></iframe>
The Shellshock scanner is 100% free and it is part of our continuous effort to make the Web a safer place. This tools was created in the same spirit as our Heartbleed Scanner we published several months back.
Shellshock is the best tool because it is easily accessible (just type a url) and there are no limitations to what you can test. You want to test an app that you are currently running in a VM? Sure! You want to test for a range of apps inside the corporate network. No problemo! The Shellshock scanner utilizes several detection strategies and as far as we can tell it has the best coverage from all the tools we have seen.
Do not hesitate to get in touch if you have any feedback for us or if you are lost. We are always happy to help.