We are not planning to go in detail what is Shellshock, how it works, etc. There are plenty of people who have done that perfectly well. Have a look at Errata's blog and this blog post from Michal Zalewski. Instead, what we want to give you is a fully-functional Shellshock Scanner that is capable of identifying the vulnerability even if it is deep into your web application structure.
The Shellshock scanner can be found here. It is built on top of our web security testing engine. The Shellshock scanner will start by spidering your applications first and then move into active fuzzing to detect presence of the vulnerability.
Let us know if you find any bugs. This tools is released as part of our emergency response efforts to make the Web safer.Comments Powered ByDisqus