Skip to main content

Shellshock Burp Scanning

October 29, 2014

The following is a Java plugin for the web proxy Burp designed to detect CVE-2014-6271, or shellshock, during active scans of web applications. Further versions of the shellshock vulnerability, e.g. CVE-2014-7169, are not detected by this plugin. These versions require an existing code execution exploit against the remote system to trigger, and are therefore not included.

Shellshock Burp

    Matthew Gill

By: Matthew Gill

Principal Consultant

See More

Related Blogs

August 31, 2015

Black Hat Tools Arsenal: Burp-Hash Plugin, Part 2 - How it Works

This is a follow-up post about our Burp-Hash plugin for the Burp Suite that we presented at the Black Hat USA Tools Arsenal. You can read the backstor...

See Details

August 04, 2015

Black Hat Tools Arsenal: Burp-Hash Plugin – Part 1

One day a few months back, teammates Matt South and Tim MalcomVetter reviewed a report from an application security assessment performed by another te...

See Details

December 23, 2014

Diversionary Tactics 101

When organizations are hacked or infected with malware, an important question they ask themselves is, “Who is attacking us?” Understanding an attacker...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


September 26, 2014

What is the Bash Shellshock Bug?

It has been discovered that vulnerability exists within the Bash command-line shell, which has been around for years, is now being actively exploited....

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

October 07, 2014

Detecting Shellshock with SIEM Solutions

At the end of September, a serious vulnerability (CVE-2014-6271 and CVE-2014-7169) came to light affecting Linux/Unix and Apple OS X. The seriousness ...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.