Shell History

By kannthu

Vidoc Module

What is the "Shell History" module?

The "Shell History" module is designed to detect misconfigurations related to shell history files. It targets the bash, ksh, sh, and zsh shells. This module has a low severity level and was authored by pentest_swissky and geeknik.


The "Shell History" module helps identify potential security risks associated with shell history files. By analyzing the contents of these files, the module can detect commands that may indicate unauthorized access or malicious activity. This information can be used to assess the overall security posture of the system and take appropriate actions to mitigate any identified risks.

How does the module work?

The "Shell History" module works by sending HTTP requests to specific paths associated with shell history files, such as /.bash_history, /.ksh_history, /.sh_history, and /.zsh_history. It then applies a series of matching conditions to determine if any misconfigurations or vulnerabilities are present.

The module uses two types of matchers: word matchers and status matchers. Word matchers analyze the response content for specific keywords, such as mkdir, chmod, mv, nano, vim, pico, sudo, cd, cp, and ps aux. If any of these keywords are found, it indicates potential misconfigurations.

Status matchers check the HTTP response status code; in this case, they look for a status code of 200. If the response meets all the defined matching conditions, the module reports a potential misconfiguration or vulnerability.

It's important to note that the module also considers the response content type. If the response contains any of the following words: <?xml, <env, application/javascript, application/json, application/xml, html>, text/html, or image/, it will not report a misconfiguration or vulnerability.

By analyzing the shell history files and applying these matching conditions, the "Shell History" module helps identify potential security risks and provides valuable insights for further investigation and remediation.
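The matching conditions described above can be evaluated offline against responses you have already collected from your own servers. The following is an added example, not Vidoc's or the module authors' code. It assumes case-sensitive substring matching, a trailing space on single-word commands (as the module preview suggests), and that the excluded words are searched in both headers and body; the names evaluate, Verdict and SAMPLES are hypothetical.

```python
# Added example: offline evaluation of the matching conditions described above.
# Assumptions: case-sensitive substring matching; single-word commands carry a
# trailing space; negative words are searched in headers and body.
from typing import NamedTuple

KEYWORDS = ("mkdir ", "chmod ", "mv ", "nano ", "vim ", "pico ",
            "sudo ", "cd ", "cp ", "ps aux")
NEGATIVE = ("<?xml", "<env", "application/javascript", "application/json",
            "application/xml", "html>", "text/html", "image/")

class Verdict(NamedTuple):
    reported: bool
    reason: str

def evaluate(status: int, headers: dict, body: str) -> Verdict:
    """All conditions must hold: status 200, no negative word, at least one keyword."""
    if status != 200:
        return Verdict(False, "status")
    raw = "\r\n".join(f"{k}: {v}" for k, v in headers.items()) + "\r\n\r\n" + body
    if any(word in raw for word in NEGATIVE):
        return Verdict(False, "negative-word")
    if not any(word in body for word in KEYWORDS):
        return Verdict(False, "no-keyword")
    return Verdict(True, "exposed-history")

# Constructed sample responses (not captured from any real host).
PLAIN = {"Content-Type": "text/plain"}
SAMPLES = {
    "exposed file": (200, PLAIN, "cd /var/www\nsudo systemctl restart nginx\nps aux\n"),
    "SPA catch-all page": (200, {"Content-Type": "text/html"},
                           "<html><body>Use cd to change directory</body></html>"),
    "JSON error with 200": (200, {"Content-Type": "application/json"},
                            '{"error": "cannot cd into path"}'),
    "not found": (404, PLAIN, "mkdir failed\n"),
    "no shell keywords": (200, PLAIN, "exit\n"),
    # A real history file that merely mentions an excluded word is suppressed.
    "history mentioning text/html": (200, PLAIN, "vim index.php\ngrep text/html access.log\n"),
}

def run_samples() -> dict:
    return {name: evaluate(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:30} -> {verdict.reported} ({verdict.reason})")
```

The last sample shows a false negative that follows from the exclusion list: an exposed history file whose contents happen to include one of the excluded words is not reported, so a clean result from this check does not prove the files are unreachable.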

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.bash_history, /.ksh_history, /.sh_history (+1 paths)
Matching conditions
word: mkdir , chmod , mv , nano , vim , pico ,...and
NOT word: <?xml, <env, application/javascript, app...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability