Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Public shellscripts

By kannthu

Low
Vidoc logoVidoc Module
#bash#exposure#files
Description

What is the "Public shellscripts?"

The "Public shellscripts" module is designed to detect potential vulnerabilities in publicly exposed shell scripts. It targets scripts written in Bash and aims to identify any misconfigurations or security issues that may exist within these scripts. The severity of the vulnerabilities detected by this module is classified as low. The original author of this module is panch0r3d.

Impact

If vulnerabilities are found in the public shell scripts, it could potentially lead to unauthorized access, data breaches, or the execution of malicious code. It is important to address any identified vulnerabilities promptly to mitigate these risks.

How does the module work?

The "Public shellscripts" module works by sending HTTP requests to specific paths associated with common shell script files. It then applies matching conditions to determine if any vulnerabilities exist. The matching conditions include:

- Checking the body of the response for the presence of keywords such as "bin/sh" or "bin/bash" using regular expressions. - Inspecting the headers of the response for specific content types, including "application/x-sh", "text/plain", or "text/x-sh". - Verifying that the response status code is 200 (OK).

If all of these conditions are met, the module will report a potential vulnerability in the shell script.

Here is an example of an HTTP request sent by the module:

GET /.build.sh

It is important to note that this description provides an overview of the module's functionality and does not include the actual JSON definitions used by the Vidoc platform.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/.build.sh/.jenkins.sh/.travis.sh(+20 paths)
Matching conditions
regex: .*?bin.*?sh, .*?bin.*?bashand
word: application/x-sh, text/plain, text/x-shand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability