16 lines
1012 B
YAML
16 lines
1012 B
YAML
#
|
|
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
|
|
# Browser Exploitation Framework (BeEF) - https://beefproject.com
|
|
# See the file 'doc/COPYING' for copying permission
|
|
#
|
|
beef:
|
|
module:
|
|
shell_shock_scanner:
|
|
enable: true
|
|
category: "Exploits"
|
|
name: "Shell Shock Scanner (Reverse Shell)"
|
|
description: "This module attempts to get a reverse shell on the specified web server, blindly, by requesting ~400 potentially vulnerable CGI scripts. Each CGI is requested with a shellshock payload in the 'Accept' HTTP header.<br/>The list of CGI scripts was taken from <a href='https://github.com/nccgroup/shocker'>Shocker</a>.<br/><br/>The scan will take about 2 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below."
|
|
authors: ["Stephane Chazelas", "mz", "bmantra", "radoen", "bcoles"]
|
|
target:
|
|
working: ["ALL"]
|