'ShellShock' Bash Vulnerability CVE-2014-6271 Test Tool
As of right now, 194215 tests have been run with 18451 vulnerabilities found.
Test Web Site Root and Known URL Attack Points
Web Site Host Name (i.e.
Test Specific Script URL
Specific CGI Script URL:
This is an experimental tool. It attempts to exploit various HTTP headers to execute wget and curl requests back to this server. If this server receives the requests, then the vulnerability is confirmed.
Use at your own risk and on your own servers only.
This tool uses HTTP exploits only. Also check
for a test tool that uses Ping exploits, by
And another test tool:
How this tool works:
Some mildly interesting analysis of data this tool logs