Shellshock Burp Scanning

Shellshock Burp Scanning

 The following is a Java plugin for the web proxy Burp designed to detect CVE-2014-6271, or shellshock, during active scans of web applications. Further versions of the shellshock vulnerability, e.g. CVE-2014-7169, are not detected by this plugin. These versions require an existing code execution exploit against the remote system to trigger, and are therefore not included.

 

https://github.com/AccuvantLABS/burp-shellshock

 

Shellshock Burp

Principal Consultant
Matthew Gill is a principal security consultant with Optiv's application security practice. In this role, he provides expertise in penetration testing, application assessment, code review and system architecture design.