Bash ShellShock vulnerability scanner – Online

ShellshockAs the Shellshock bug (CVE-2014-6271) in the Bash command interpreter used by Linux and Unix systems is serious business, multiple online tools have been created specifically for testing web servers against the vulnerability.

The most popular vector used in a Shellshock attack consists of HTTP requests to CGI scripts, which are used to generate dynamic content.

1. Discover if your domain is exposed (CGI, SH or Pl scripts)


Or use Google :


2. Testing online

Here are some websites allowing you to scan the exposed servers and to check the output

(Take care of the results)



Nikto and NMap are preparing response and will probably improve the detection soon.


A nice article here, to go deeper in the subject (patching, testing, solving by OS) 

Be the first to comment

Leave a Reply

Your email address will not be published.