'ShellShock' Bash Vulnerability CVE-2014-6271 Test Tool

Counter: As of right now, 196195 tests have been run with 18464 vulnerabilities found.

Test Web Site Root and Known URL Attack Points

Web Site Host Name (i.e. myserver.com):  


Test Specific Script URL

Specific CGI Script URL:  

WARNING: This is an experimental tool. It attempts to exploit various HTTP headers to execute wget and curl requests back to this server. If this server receives the requests, then the vulnerability is confirmed.

Use at your own risk and on your own servers only.


This tool uses HTTP exploits only. Also check www.shellshocktest.com for a test tool that uses Ping exploits, by @lukashed

And another test tool: BashSmash.ccsir.org

How this tool works: View Code | Some mildly interesting analysis of data this tool logs