• Stars
    star
    653
  • Rank 68,968 (Top 2 %)
  • Language
    Shell
  • License
    Creative Commons ...
  • Created about 10 years ago
  • Updated almost 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

test script for shellshocker and related vulnerabilities

bashcheck

Test script for Shellshock and related vulnerabilities

background

The Bash vulnerability that is now known as Shellshock had an incomplete fix at first. There are currently 6 public vulnerabilities.

shellshock and heartbleed

I wrote down some general thoughts about recent events and security in free software:

interpreting results

There's been some confusion how to interpret the results of this script and some people got scared by warnings on systems that didn't have any exploitable bugs.

The most important fix you need is one of the prefix/suffix-patches. Upstream patch number for this is bash042-050 and bash043-027 (patches for older versions also available). This patch was originally created by RedHat developer Florian Weimer and a modified version was applied by Bash developer Chet Ramey.

Once you have this prefix patch all other vulnerabilities are not exploitable. They are still bugs that should be fixed, but there is nothing to worry about.

usage

Just run script: ./bashcheck

CVE-2014-6271

The original vulnerability.

CVE-2014-7169

Further parser error, found by Tavis Ormandy (taviso).

CVE-2014-7186

Out of bound memory read error in redir_stack.

CVE-2014-7187

Off-by-one error in nested loops. (check only works when Bash is built with -fsanitize=address)

CVE-2014-6277

Uninitialized Memory use in make_redirect(), found by Michal Zalewski (lcamtuf).

CVE-2014-6278

Another parser bug, analysis still incomplete, also found by Michal Zalewski (lcamtuf).

Patch recommendation

Latest upstream patches (4.3 since patchlevel 030, 4.2 since patchlevel 051) include all fixes.

They also add prefixing to variable functions (a variant of Florian Weimer's patch). This protects from further function parser bugs and makes them likely not exploitable.

My current recommendation: Use latest upstream patches.

More Repositories

1

snallygaster

Tool to scan for secret files on HTTP servers
Python
2,047
star
2

php-crashers

Example scripts that cause segfaults in PHP
PHP
448
star
3

vulns

Named vulnerabilities and their practical impact
430
star
4

meltdownspectre-patches

Summary of the patch status for Meltdown / Spectre
346
star
5

vacdec

Python script to decode the EU Covid-19 vaccine certificate
Python
242
star
6

optionsbleed

Python
145
star
7

tlshelpers

A collection of shell scripts that help handling X.509 certificate and TLS issues
Shell
127
star
8

tls-what-can-go-wrong

TLS - what can go wrong?
100
star
9

smtpsmug

Python
94
star
10

hpkp

HTTP Public Key Pinning (HPKP) pin generation tools
Shell
71
star
11

apache-uaf

Apache use after free bug infos / ASAN stack traces
65
star
12

superfishy

Archive of software and other data involved in the Superfish / Komodia incident
Python
59
star
13

fpmvuln

bash poc scripts to exploit open fpm ports
Shell
58
star
14

lecaa

Check for Let's Encrypt CAA issue
Shell
53
star
15

hackercon

List of Free Software and IT Security related conferences
52
star
16

bignum-fuzz

Code to fuzz bignum libraries
C
46
star
17

selftls

Sample application to let OpenSSL talk to itself (for fuzzing)
C
33
star
18

pgpecosystem

Scripts to parse and analyze pgp key server data
Python
31
star
19

com2txt

com2txt tool (from 1993)
C
30
star
20

zipeinfo

ZIP encryption info
Python
29
star
21

alphasecret

Find PNG files with suspicious data in alpha channel
Shell
28
star
22

ctgrab

Shell
25
star
23

pgpbugs

A history of PGP-related vulnerabilities
21
star
24

mmapfail

Simple shell script to detect bad checks of mmap() return value
C
19
star
25

ed25519hetzner

Script to scan OpenSSH host key and known_hosts files for shared keys from server hoster Hetzner
Shell
19
star
26

pwncloud

proof of concept to backdoor files from owncloud encryption module
Shell
17
star
27

svnscraper

bash script to download publicly available .svn directories
Shell
16
star
28

libfuzzer-examples

examples for libfuzzer
C++
15
star
29

secpw

Secure random passwords in Javascript
HTML
14
star
30

ipmx

Python
13
star
31

badocspcert

Check for certs affected by July 2020 OCSP intermediate incident
Shell
13
star
32

jitsivuln

Check for jitis meet default password vulnerability
Python
12
star
33

primecheck

Check Diffie Hellman group prime parameter
Python
11
star
34

pypi-bad

Bad packages from the pypi repository
Python
9
star
35

httpstime

Setting the system time over HTTPS
Shell
9
star
36

mbox2maildir

Script to convert between mbox and maildir format
Python
9
star
37

webminex

poc exploit for webmin backdoor (CVE-2019-15107 and CVE-2019-15231)
8
star
38

asantoo

Overlay to use Gentoo with Address Sanitizer
Shell
8
star
39

emailprotocols

An overview of E-Mail protocols and data formats
8
star
40

silic

silic - simple link checker written in python
Python
7
star
41

rpter

Parse mails with reports from DMARC and SMTP TLS Reporting
Python
7
star
42

uudeview

Decoder and encoder for Base64 (MIME), uuencoded, xxencoded and Binhex files.
C
7
star
43

rompager-check

Online and offline check tool for the RomPager HTTP server and vulnerable versions
PHP
6
star
44

tmobile-login

Trivial bash script to log into Telekom / T-Mobile wireless lan
Shell
6
star
45

fritzbox-keys

private keys found on AVM Fritz!Box firmware images
5
star
46

pwsec

Simple password generator with no options
Shell
5
star
47

xssgame

PHP
5
star
48

exif2osm

Convert JPEG exif geotags to link on openstreetmap.org
Shell
5
star
49

pwbloom

Simple web index to use bloom filter for Pwned Passwords
Python
4
star
50

htpasswdos

Proof of concept for Apache htpasswd denial of service
PHP
4
star
51

symlinkown

Patch for the Linux Kernel to implement "SymlinksIfOwnerMatches" features
Shell
4
star
52

rdrand-test

Testing the rdrand CPU instruction
C
3
star
53

crimesafe-csrf

Create CSRF tokens secure from compression attacks like CRIME/BREACH/TIME/HEIST
PHP
3
star
54

cbugs

examples for C / C++ bugs caught by various safety tools
C
3
star
55

procdown

Harden access to the /proc filesystem in Linux
Shell
3
star
56

CVE-2020-27603-bbb-libreoffice-poc

Proof of Concept of Libreoffice file exfiltration vulnerability in Big Blue Button
3
star
57

svgx

Shell script chaining various SVG optimization tools
Shell
3
star
58

smtpsend

Command line tool to send mails with authentication
Python
2
star
59

fcrdns

Command line Forward-confirmed reverse DNS (FCrDNS) check written in Python
Python
2
star
60

rosproject-scripts

Scripts to compile ROS packages with compiler sanitizers
Shell
2
star
61

websec-examples

Some trivial examples for web vulnerabilities
PHP
2
star
62

gccweverything

Shell
2
star
63

getacmeaccount

Get account ID and other account info with private key for ACME account
Python
2
star
64

whichmicroarch

Shell script to guess CPU microarchitecture for latest CFLAGS
Shell
1
star
65

wolfoverflow

poc for stack buffer overflow in wolfssl
Shell
1
star
66

squirrelpatches

Patches for Squirrelmail
1
star
67

blocklistmaker

Scripts to create compromised key blocklists for the badkeys tool
1
star
68

ros-sanitizer-logs

Logs from ASAN/UBSAN/TSAN tests of ROS
1
star
69

rbltest

Simple script to query mailserver realtime block lists (RBLs)
Python
1
star
70

sanhash

Normalize and hash ASAN/MSAN crash dumps
Shell
1
star
71

snallygaster-testdata

Test data for the snallygaster tool
1
star
72

fpracer

File permission race proof of concept
Python
1
star
73

thrusql

Docker image to access German emission data from thru.de
Dockerfile
1
star
74

wifiinjection

Collection of Screenshots documenting WiFi Networks injecting content into HTTP pages
1
star
75

getkey

Bruteforce-search private keys in larger files
Python
1
star
76

abusescript

Scripts I've been using to inform owners of hosts affected by security vulnerabilities
Shell
1
star
77

acmereflect

quick and dirty check for ACME API endpoints that reflect content
Shell
1
star
78

sriutil

Python
1
star