Re: [W3af-users] Shell shock plugin for w3af: Done!
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
Re: [W3af-users] Shell shock plugin for w3af: Done!
|
From: Andres R. <and...@gm...> - 2014-09-25 17:20:03
|
Ali, You can use curl -H"test: ..." http://foo.com/ to verify Replace ... with the bash exploit On Thu, Sep 25, 2014 at 2:11 PM, Ali Khalfan <ali...@gm...> wrote: > Andres, > Is there a way I could manually verify a url? (as in using Nmap or wget and > checking the response) > > I did it twice on a url and once it says it was vulnerable and the other > says it wasn't > > On ٢٥ سبتمبر، ٢٠١٤ ٧:١٨:٣٦ م GMT+03:00, Andres Riancho > <and...@gm...> wrote: >> >> Check the github repository issues, mailing list, etc. This issue (for >> mac?) has workarounds documented somewhere >> >> On Thu, Sep 25, 2014 at 1:04 PM, Ali Khalfan <ali...@gm...> >> wrote: >>> >>> i keep trying to run the git version of w3af and it says that phply is >>> missing, yet I have it: >>> >>> >>> >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info >>> /usr/local/lib/python2.7/dist-packages/phply.egg-link >>> /usr/local/lib/python2.7/dist-packages/phply/phpast.py >>> /usr/local/lib/python2.7/dist-packages/phply/phpast.pyc >>> /usr/local/lib/python2.7/dist-packages/phply/phplex.py >>> /usr/local/lib/python2.7/dist-packages/phply/phplex.pyc >>> >>> /usr/local/lib/python2.7/dist-packages/phply/phpparse.py >>> /usr/local/lib/python2.7/dist-packages/phply/phpparse.pyc >>> /usr/local/lib/python2.7/dist-packages/phply/pythonast.py >>> /usr/local/lib/python2.7/dist-packages/phply/pythonast.pyc >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/PKG-INFO >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/SOURCES.txt >>> >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/dependency_links.txt >>> >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/installed-files.txt >>> >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/namespace_packages.txt >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/not-zip-safe >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/requires.txt >>> >>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/top_level.txt >>> >>> >>> On >>> 09/25/2014 03:22 PM, Andres Riancho wrote: >>>> >>>> List, >>>> >>>> Take a look at the w3af plugin I've just finished coding [0], it >>>> detects shell shock vulnerabilities by using time delays. Pull >>>> requests with improvements are welcome :) >>>> >>>> [0] https://gist.github.com/andresriancho/4ef11d75c1f517c24f94 >>>> >>>> Regards, >>> >>> >>> >>> ________________________________ >>> >>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer >>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports >>> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper >>> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer >>> >>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk >>> ________________________________ >>> >>> W3af-users mailing list >>> W3a...@li... >>> https://lists.sourceforge.net/lists/listinfo/w3af-users >> >> >> > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
