Shellshock (CVE-2014-6271) Vulnerability Check

Test your website for Shellshock

Enter a URL or a hostname to test the server for

Subscribe for Updates about Shellshock

What is BashMash or Shellshock?

A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash, aka the GNU Bourne Again Shell, leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals.

Earlier today (September 24th 2014), Stephane Chazelas publicly disclosed the technical details of the remote code execution vulnerability in Bash which affects most of the Linux distributions and servers worldwide.

The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and being named as Bash Bug, and Shellshock by the Security researchers on the Internet discussions.

According to the technical details, a hacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables. “In many common configurations, this vulnerability is exploitable over the network,” Stephane said.


How does our scanner works?

We test a website by building a special crafted header and if we get an answer back from website, then you are vulnerable to Shellshock. We won't collect any critical information from any scanned website.
Also, please have in mind that your website might still be vulnerable in a particular page, ussualy found in /cgi-bin/* folder or from special private file that is using bash shell commands. We strongly recommend to update your servers.

Links & Resources