Shellshock Burp Scanning

By Matthew Gill

The following is a Java plugin for the Burp web proxy, designed to detect CVE-2014-6271 (Shellshock) during active scans of web applications. The plugin does not detect further versions of the Shellshock vulnerability, e.g. CVE-2014-7169. These versions require an existing code execution exploit against the remote system to trigger, and are therefore not included.

https://github.com/AccuvantLABS/burp-shellshock

Matthew Gill

Principal Consultant

Matthew Gill is a principal security consultant with Optiv's application security practice. In this role, he provides expertise in penetration testing, application assessment, code review and system architecture design.