Darn, this ShellShock will continue to shock us for a couple of months. Security researchers are trying to get the ShellShock vulnerability fixed, before the serious cybercriminals start using the ShellShock Bash exploit in massive and multiple campaigns.
It had been reported that the ShellShock Bash exploit had been used in a targeted attack, which targeted Akamai and the United States DOD.
The ClevCode website published a ShellShock Bash tool which allows you to scan specific ranges for specific CGI Bash exploit vulnerable websites.
The most shocking thing is, that if you use Google Dorks to find vulnerable CGI Bash exploit websites, Google will show you a massive list of 1.7 MILLION vulnerable websites.