Resources which will help you to understand the BASH exploit

Github – mirror downloadBASH User Agent Script.tar – mirror downloadJur Bash IRC Script

BASH exploit botnets

First Shellshock botnet attacks Akamai, US DoD networks –,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx


Shellshock DHCP RCE Proof of Concept –

As long as a bash CGI script is found by probing, exploiting only require putting a bash command in a header such as “Cookie:” for it to be executed. – user Solozerk

How to check if you are being scanned for the exploit via Solozerk:

You can check if you’ve been scanned for exploitable CGIs using something like (adjust apache logs path accordingly):

grep cgi /var/log/apache2/access*|egrep “};|}\s*;”


  • Most SOHO routers are vulnerable because of the mod_cgi web frontend (notified by Tiago Rosado)
  • Most Linux / Unix systems are vulnerable
  • It is currently being used to attack the United States DOD and Akamai

Proof of Concept on Kali Linux

Founder of