-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improved version of NSE script http-shellshock #48
Labels
Comments
Hi, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A script to detect the shellshock vulnerabilities in web applications was committed in rev 33916. However, there is room for improvements (although i'm not sure how urgent they are):
-The current script uses / as the default URI but the spidering library could be integrated to attempt to find all files inside /cgi-bin/ directories.
-A list of popular cgi-bin paths could be added. This also generates more traffic and is useless against the majority of non vulnerable hosts.
Nmap-dev thread:
https://seclists.org/nmap-dev/2014/q4/291
The text was updated successfully, but these errors were encountered: