Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

C

Lua

Dart

Java

Kotlin

Julia

PHP

Clojure

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

MATLAB

Zig

Elm

Kotlin

Lua

JavaScript

Elixir

C#

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇬🇹 Guatemala

🇸🇪 Sweden

🇳🇫 Norfolk Island

🇸🇾 Syria

🇯🇲 Jamaica

🇦🇹 Austria

🇱🇦 Laos

All Countries Compare Countries

hannob/bashcheck

Stars
653
Rank 68,386 (Top 2 %)
Language
Shell
License
Creative Commons ...
Created almost 10 years ago
Updated over 5 years ago

hannob/bashcheck

hannob

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

test script for shellshocker and related vulnerabilities

bashcheck

Test script for Shellshock and related vulnerabilities

background

The Bash vulnerability that is now known as Shellshock had an incomplete fix at first. There are currently 6 public vulnerabilities.

shellshock and heartbleed

I wrote down some general thoughts about recent events and security in free software:

https://blog.hboeck.de/archives/857-How-to-stop-Bleeding-Hearts-and-Shocking-Shells.html

interpreting results

There's been some confusion how to interpret the results of this script and some people got scared by warnings on systems that didn't have any exploitable bugs.

The most important fix you need is one of the prefix/suffix-patches. Upstream patch number for this is bash042-050 and bash043-027 (patches for older versions also available). This patch was originally created by RedHat developer Florian Weimer and a modified version was applied by Bash developer Chet Ramey.

Once you have this prefix patch all other vulnerabilities are not exploitable. They are still bugs that should be fixed, but there is nothing to worry about.

usage

Just run script: ./bashcheck

CVE-2014-6271

The original vulnerability.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

CVE-2014-7169

Further parser error, found by Tavis Ormandy (taviso).

CVE-2014-7186

Out of bound memory read error in redir_stack.

CVE-2014-7187

Off-by-one error in nested loops. (check only works when Bash is built with -fsanitize=address)

CVE-2014-6277

Uninitialized Memory use in make_redirect(), found by Michal Zalewski (lcamtuf).

CVE-2014-6278

Another parser bug, analysis still incomplete, also found by Michal Zalewski (lcamtuf).

Patch recommendation

Latest upstream patches (4.3 since patchlevel 030, 4.2 since patchlevel 051) include all fixes.

They also add prefixing to variable functions (a variant of Florian Weimer's patch). This protects from further function parser bugs and makes them likely not exploitable.

My current recommendation: Use latest upstream patches.

snallygaster

Tool to scan for secret files on HTTP servers

php-crashers

Example scripts that cause segfaults in PHP

vulns

Named vulnerabilities and their practical impact

meltdownspectre-patches

Summary of the patch status for Meltdown / Spectre

vacdec

Python script to decode the EU Covid-19 vaccine certificate

optionsbleed

tlshelpers

A collection of shell scripts that help handling X.509 certificate and TLS issues

tls-what-can-go-wrong

TLS - what can go wrong?

smtpsmug

hpkp

HTTP Public Key Pinning (HPKP) pin generation tools

apache-uaf

Apache use after free bug infos / ASAN stack traces

superfishy

Archive of software and other data involved in the Superfish / Komodia incident

fpmvuln

bash poc scripts to exploit open fpm ports

lecaa

Check for Let's Encrypt CAA issue

hackercon

List of Free Software and IT Security related conferences

bignum-fuzz

Code to fuzz bignum libraries

selftls

Sample application to let OpenSSL talk to itself (for fuzzing)

pgpecosystem

Scripts to parse and analyze pgp key server data

com2txt

com2txt tool (from 1993)

zipeinfo

ZIP encryption info

alphasecret

Find PNG files with suspicious data in alpha channel

ctgrab

pgpbugs

A history of PGP-related vulnerabilities

ed25519hetzner

Script to scan OpenSSH host key and known_hosts files for shared keys from server hoster Hetzner

mmapfail

Simple shell script to detect bad checks of mmap() return value

pwncloud

proof of concept to backdoor files from owncloud encryption module

svnscraper

bash script to download publicly available .svn directories

libfuzzer-examples

examples for libfuzzer

secpw

Secure random passwords in Javascript

ipmx

badocspcert

Check for certs affected by July 2020 OCSP intermediate incident

jitsivuln

Check for jitis meet default password vulnerability

primecheck

Check Diffie Hellman group prime parameter

pypi-bad

Bad packages from the pypi repository

httpstime

Setting the system time over HTTPS

mbox2maildir

Script to convert between mbox and maildir format

webminex

poc exploit for webmin backdoor (CVE-2019-15107 and CVE-2019-15231)

asantoo

Overlay to use Gentoo with Address Sanitizer

emailprotocols

An overview of E-Mail protocols and data formats

silic

silic - simple link checker written in python

uudeview

Decoder and encoder for Base64 (MIME), uuencoded, xxencoded and Binhex files.

rompager-check

Online and offline check tool for the RomPager HTTP server and vulnerable versions

tmobile-login

Trivial bash script to log into Telekom / T-Mobile wireless lan

rpter

Parse mails with reports from DMARC and SMTP TLS Reporting

fritzbox-keys

private keys found on AVM Fritz!Box firmware images

xssgame

pwsec

Simple password generator with no options

exif2osm

Convert JPEG exif geotags to link on openstreetmap.org

pwbloom

Simple web index to use bloom filter for Pwned Passwords

htpasswdos

Proof of concept for Apache htpasswd denial of service

cbugs

examples for C / C++ bugs caught by various safety tools

symlinkown

Patch for the Linux Kernel to implement "SymlinksIfOwnerMatches" features

rdrand-test

Testing the rdrand CPU instruction

crimesafe-csrf

Create CSRF tokens secure from compression attacks like CRIME/BREACH/TIME/HEIST

procdown

Harden access to the /proc filesystem in Linux

CVE-2020-27603-bbb-libreoffice-poc

Proof of Concept of Libreoffice file exfiltration vulnerability in Big Blue Button

smtpsend

Command line tool to send mails with authentication

fcrdns

Command line Forward-confirmed reverse DNS (FCrDNS) check written in Python

rosproject-scripts

Scripts to compile ROS packages with compiler sanitizers

websec-examples

Some trivial examples for web vulnerabilities

gccweverything

getacmeaccount

Get account ID and other account info with private key for ACME account

whichmicroarch

Shell script to guess CPU microarchitecture for latest CFLAGS

wolfoverflow

poc for stack buffer overflow in wolfssl

squirrelpatches

Patches for Squirrelmail

blocklistmaker

Scripts to create compromised key blocklists for the badkeys tool

ros-sanitizer-logs

Logs from ASAN/UBSAN/TSAN tests of ROS

rbltest

Simple script to query mailserver realtime block lists (RBLs)

sanhash

Normalize and hash ASAN/MSAN crash dumps

snallygaster-testdata

Test data for the snallygaster tool

fpracer

File permission race proof of concept

wifiinjection

Collection of Screenshots documenting WiFi Networks injecting content into HTTP pages

thrusql

Docker image to access German emission data from thru.de

getkey

Bruteforce-search private keys in larger files

abusescript

Scripts I've been using to inform owners of hosts affected by security vulnerabilities

acmereflect

quick and dirty check for ACME API endpoints that reflect content

svgx

Shell script chaining various SVG optimization tools

sriutil