cve/2014/CVE-2014-6271.md

CVE-2014-6271

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

POC

Reference

• http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
• http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
• http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html
• http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html
• http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html
• http://www-01.ibm.com/support/docview.wss?uid=swg21685733
• http://www.qnap.com/i/en/support/con_show.php?cid=61
• https://hackerone.com/reports/29839
• https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
• https://www.exploit-db.com/exploits/34879/
• https://www.exploit-db.com/exploits/37816/
• https://www.exploit-db.com/exploits/38849/
• https://www.exploit-db.com/exploits/39918/
• https://www.exploit-db.com/exploits/40619/
• https://www.exploit-db.com/exploits/40938/
• https://www.exploit-db.com/exploits/42938/

Github

• https://github.com/00xNetrunner/Shodan_Cheet-Sheet
• https://github.com/0bfxgh0st/cve-2014-6271
• https://github.com/0x00-0x00/CVE-2014-6271
• https://github.com/0x0d3ad/Kn0ck
• https://github.com/0x43f/Exploits
• https://github.com/0x4D5352/rekall-penetration-test
• https://github.com/0xConstant/CVE-2014-6271
• https://github.com/0xConstant/ExploitDevJourney
• https://github.com/0xICF/ShellScan
• https://github.com/0xN7y/CVE-2014-6271
• https://github.com/0xStrygwyr/OSCP-Guide
• https://github.com/0xT11/CVE-POC
• https://github.com/0xTabun/CVE-2014-6271
• https://github.com/0xZipp0/OSCP
• https://github.com/0xget/cve-2001-1473
• https://github.com/0xh4di/PayloadsAllTheThings
• https://github.com/0xh4di/awesome-pentest
• https://github.com/0xh4di/awesome-security
• https://github.com/0xkasra/CVE-2014-6271
• https://github.com/0xkasra/ExploitDevJourney
• https://github.com/0xm154n7hr0p3/gitbook
• https://github.com/0xp4nda/awesome-pentest
• https://github.com/0xp4nda/web-hacking
• https://github.com/0xsyr0/OSCP
• https://github.com/13gbc/Vulnerability-Analysis
• https://github.com/15866095848/15866095848
• https://github.com/1evilroot/Recursos_Pentest
• https://github.com/20142995/pocsuite
• https://github.com/20142995/sectool
• https://github.com/2fcfead89517/8da72bae
• https://github.com/352926/shellshock_crawler
• https://github.com/3llio0T/Active-
• https://github.com/3vikram/Application-Vulnerabilities-Payloads
• https://github.com/5l1v3r1/ss-6271
• https://github.com/718245903/Safety-Project-Collection
• https://github.com/84KaliPleXon3/Payloads_All_The_Things
• https://github.com/9069332997/session-1-full-stack
• https://github.com/APSL/salt-shellshock
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/AaronVigal/AwesomeHacking
• https://github.com/Acaard/HTB-Shocker
• https://github.com/AciddSatanist/shellshocker.sh
• https://github.com/Addho/test
• https://github.com/AfvanMoopen/tryhackme-
• https://github.com/Al1ex/Awesome-Pentest
• https://github.com/AlissoftCodes/Shellshock
• https://github.com/AlissonFaoli/Shellshock
• https://github.com/Amousgrde/shmilytly
• https://github.com/AnLoMinus/PenTest
• https://github.com/Anklebiter87/Cgi-bin_bash_Reverse
• https://github.com/Any3ite/CVE-2014-6271
• https://github.com/Aruthw/CVE-2014-6271
• https://github.com/AvasDream/terraform_hacking_lab
• https://github.com/Az4ar/shocker
• https://github.com/BCyberSavvy/Python
• https://github.com/Babiuch-Michal/awesome-security
• https://github.com/BetaZeon/CyberSecurity_Resources
• https://github.com/BionicSwash/Awsome-Pentest
• https://github.com/BitTheByte/Eagle
• https://github.com/Brandaoo/CVE-2014-6271
• https://github.com/Bypass007/Safety-Project-Collection
• https://github.com/ByteHackr/HackingTools-2
• https://github.com/CPT-Jack-A-Castle/HackingGuide
• https://github.com/CVEDB/PoC-List
• https://github.com/CVEDB/awesome-cve-repo
• https://github.com/CVEDB/top
• https://github.com/ChesnoiuCatalin/Home-Lab-VM
• https://github.com/Correia-jpv/fucking-awesome-pentest
• https://github.com/CrackerCat/myhktools
• https://github.com/CyberRide/hacking-tools
• https://github.com/CyberSavvy/python-pySecurity
• https://github.com/CyberlearnbyVK/redteam-notebook
• https://github.com/Cyberleet1337/Payloadswebhack
• https://github.com/Cyberz189/SIEM-Lab
• https://github.com/D3Ext/PentestDictionary
• https://github.com/DanMcInerney/shellshock-hunter
• https://github.com/DanMcInerney/shellshock-hunter-google
• https://github.com/DarkenCode/PoC
• https://github.com/Darkrai-404/Penetration-Testing-Writeups
• https://github.com/DeaDHackS/Evil-Shock
• https://github.com/DebianDave/Research_Topics
• https://github.com/Delishsploits/PayloadsAndMethodology
• https://github.com/DevXHuco/Zec1Ent
• https://github.com/Dilith006/CVE-2014-6271
• https://github.com/Dionsyius/Awsome-Security
• https://github.com/Dionsyius/pentest
• https://github.com/DrPandemic/RBE
• https://github.com/Elsfa7-110/kenzer-templates
• https://github.com/EvanK/shocktrooper
• https://github.com/EvilAnne/Python_Learn
• https://github.com/EvilHat/awesome-hacking
• https://github.com/EvilHat/awesome-security
• https://github.com/EvilHat/pentest-resource
• https://github.com/EvolvingSysadmin/Shellshock
• https://github.com/Fa1c0n35/Penetration-Testing02
• https://github.com/Fedex100/awesome-hacking
• https://github.com/Fedex100/awesome-pentest
• https://github.com/Fedex100/awesome-security
• https://github.com/FilipStudeny/-CVE-2014-6271-Shellshock-Remote-Command-Injection-
• https://github.com/FoxSecIntel/Vulnerability-Analysis
• https://github.com/GhostTroops/TOP
• https://github.com/GhostTroops/myhktools
• https://github.com/GulIqbal87/Pentest
• https://github.com/Gurguii/cgi-bin-shellshock
• https://github.com/GuynnR/Payloads
• https://github.com/H0j3n/EzpzCheatSheet
• https://github.com/H4CK3RT3CH/Awesome-Pentest-Reference
• https://github.com/H4CK3RT3CH/Penetration-Testing
• https://github.com/H4CK3RT3CH/awesome-pentest
• https://github.com/H4CK3RT3CH/awesome-web-hacking
• https://github.com/HackerMW88/labsetup
• https://github.com/Hec7or-Uni/seginf-pr-1
• https://github.com/Hemanthraju02/awesome-pentest
• https://github.com/Hemanthraju02/web-hacking
• https://github.com/Horovtom/BSY-bonus
• https://github.com/HttpEduardo/ShellTHEbest
• https://github.com/Hunter-404/shmilytly
• https://github.com/IAmATeaPot418/insecure-deployments
• https://github.com/IZAORICASTm/CHARQITO_NET
• https://github.com/ImranTheThirdEye/awesome-web-hacking
• https://github.com/InfoSecDion/Splunk-Incident-Response-Lab
• https://github.com/JERRY123S/all-poc
• https://github.com/JPedroVentura/Shocker
• https://github.com/Jahismighty/pentest-apps
• https://github.com/Jay-Idrees/UPenn-CyberSecurity-Penetration-Testing
• https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
• https://github.com/Joao-Paulino/CyberSecurity
• https://github.com/Joao-Paulino/CyberSecurityPenTest
• https://github.com/Jsmoreira02/CVE-2014-6271
• https://github.com/Jsmoreira02/Jsmoreira02
• https://github.com/Juan921030/awesome-hacking
• https://github.com/K3ysTr0K3R/CVE-2014-6271-EXPLOIT
• https://github.com/KJOONHWAN/CVE-Exploit-Demonstration
• https://github.com/Kaizhe/attacker
• https://github.com/KateFayra/auto_vulnerability_tester
• https://github.com/Kr1tz3x3/HTB-Writeups
• https://github.com/LearnGolang/LearnGolang
• https://github.com/LiuYuancheng/ChatGPT_on_CTF
• https://github.com/LubinLew/WEB-CVE
• https://github.com/Ly0nt4r/OSCP
• https://github.com/Ly0nt4r/ShellShock
• https://github.com/MY7H404/CVE-2014-6271-Shellshock
• https://github.com/Mehedi-Babu/enumeration_cheat_sht
• https://github.com/Mehedi-Babu/ethical_hacking_cyber
• https://github.com/Meowmycks/OSCPprep-SickOs1.1
• https://github.com/MiChuan/PenTesting
• https://github.com/Micr067/Pentest_Note
• https://github.com/Miss-Brain/Web-Application-Security
• https://github.com/Moe-93/penttest
• https://github.com/Mohamed-Messai/Penetration-Testing
• https://github.com/Mohamed8Saw/awesome-pentest
• https://github.com/Montana/openshift-network-policies
• https://github.com/Mr-Cyb3rgh0st/Ethical-Hacking-Tutorials
• https://github.com/MrCl0wnLab/ShellShockHunter
• https://github.com/Muhammad-Hammad-Shafqat/awesome-pentest
• https://github.com/Muhammd/Awesome-Payloads
• https://github.com/Muhammd/Awesome-Pentest
• https://github.com/MuirlandOracle/CVE-2014-6271-IPFire
• https://github.com/MyKings/docker-vulnerability-environment
• https://github.com/NCSU-DANCE-Research-Group/CDL
• https://github.com/Nieuport/Awesome-Security
• https://github.com/Nieuport/PayloadsAllTheThings
• https://github.com/NikolaKostadinov01/Cyber-Security-Base-project-two
• https://github.com/OshekharO/Penetration-Testing
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/Oxc4ndl3/Hacking
• https://github.com/P0cL4bs/ShellShock-CGI-Scan
• https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups
• https://github.com/Parker-Brother/Red-Team-Resources
• https://github.com/Pav-ksd-pl/PayloadsAllTheThings
• https://github.com/Pilou-Pilou/docker_CVE-2014-6271.
• https://github.com/PixelDef/Shocker
• https://github.com/PleXone2019/awesome-hacking
• https://github.com/Prodject/Kn0ck
• https://github.com/Programming-Fun/awesome-pentest
• https://github.com/QWERTSKIHACK/awesome-web-hacking
• https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s
• https://github.com/RDKPatil/Penetration-test
• https://github.com/Ra7mo0on/PayloadsAllTheThings
• https://github.com/RainMak3r/Rainstorm
• https://github.com/Ratlesv/Shock
• https://github.com/RepTambe/TryHackMeSOCPath
• https://github.com/RickDeveloperr/lista-de-Ferramentas-hacker
• https://github.com/Riyasachan/Shockpot
• https://github.com/RuanMuller/bro-shellshock
• https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I
• https://github.com/SaltwaterC/sploit-tools
• https://github.com/Sanket-HP/Ethical-Hacking-Tutorial
• https://github.com/Secop/awesome-security
• https://github.com/Sep0lkit/oval-for-el
• https://github.com/Sindadziy/cve-2014-6271
• https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271
• https://github.com/SirElmard/ethical_hacking
• https://github.com/SleepProgger/another_shellshock_test
• https://github.com/Soldie/Colection-pentest
• https://github.com/Soldie/PayloadsAllTheThings
• https://github.com/Soldie/Penetration-Testing
• https://github.com/Soldie/awesome-pentest-listas
• https://github.com/Soundaryakambhampati/test-6
• https://github.com/SureshKumarPakalapati/-Penetration-Testing
• https://github.com/Swordfish-Security/Pentest-In-Docker
• https://github.com/TalekarAkshay/HackingGuide
• https://github.com/TalekarAkshay/Pentesting-Guide
• https://github.com/TheRipperJhon/Evil-Shock
• https://github.com/Think-Cube/AwesomeSecurity
• https://github.com/Threekiii/Awesome-POC
• https://github.com/Threekiii/Vulhub-Reproduce
• https://github.com/Tiriel-Alyptus/Pentest
• https://github.com/Trietptm-on-Awesome-Lists/become-a-penetration-tester
• https://github.com/Tripwire/bashbug-shellshock-test
• https://github.com/UMDTERPS/Shell-Shock-Update
• https://github.com/UroBs17/hacking-tools
• https://github.com/Voxer/nagios-plugins
• https://github.com/WangAnge/security
• https://github.com/WireSeed/eHacking_LABS
• https://github.com/XPR1M3/Payloads_All_The_Things
• https://github.com/Xandevistan/CVE-Exploit-Demonstration
• https://github.com/Xcod3bughunt3r/ExploitsTools
• https://github.com/XiphosResearch/exploits
• https://github.com/Ygodsec/-
• https://github.com/Zamanry/OSCP_Cheatsheet
• https://github.com/Zeus-K/hahaha
• https://github.com/Zxser/hackers
• https://github.com/aalderman19/CyberSec-Assignement9
• https://github.com/abdullaah019/splunkinvestigation4
• https://github.com/abhinavkakku/Ethical-Hacking-Tutorials
• https://github.com/adm0i/Web-Hacking
• https://github.com/adriEzeMartinez/securityResources
• https://github.com/advanderveer/libsecurity
• https://github.com/advdv/libsecurity
• https://github.com/aghawmahdi/Penetration-Tester-Interview-Q-A
• https://github.com/ahmednreldin/container_security
• https://github.com/ajansha/shellshock
• https://github.com/ajino2k/awesome-security
• https://github.com/akansha-nec/Insecure-Deploy
• https://github.com/akiraaisha/shellshocker-python
• https://github.com/akr3ch/CVE-2014-6271
• https://github.com/albinowax/ActiveScanPlusPlus
• https://github.com/alex14324/Eagel
• https://github.com/amalaqd/InfoSecPractitionerToolsList
• https://github.com/amcai/myscan
• https://github.com/amitnandi04/Common-Vulnerability-Exposure-CVE-
• https://github.com/andr3w-hilton/Penetration_Testing_Resources
• https://github.com/andrewxx007/MyExploit-ShellShock
• https://github.com/andrysec/PayloadsAllVulnerability
• https://github.com/anhtu97/PayloadAllEverything
• https://github.com/ankh2054/linux-pentest
• https://github.com/anquanscan/sec-tools
• https://github.com/antoinegoze/learn-web-hacking
• https://github.com/antsala/eHacking_LABS
• https://github.com/anujbhan/shellshock-victim-host
• https://github.com/apkadmin/PayLoadsAll
• https://github.com/ariarijp/vagrant-shellshock
• https://github.com/arthunix/CTF-SECOMP-UFSCar-2023
• https://github.com/arturluik/metapply
• https://github.com/atesemre/PenetrationTestAwesomResources
• https://github.com/aylincetin/PayloadsAllTheThings
• https://github.com/aymankhder/awesome-pentest
• https://github.com/b01u/exp
• https://github.com/b4keSn4ke/CVE-2014-6271
• https://github.com/bakery312/Vulhub-Reproduce
• https://github.com/battleofthebots/decepticon
• https://github.com/bdisann/ehmylist
• https://github.com/birdhan/SecurityProduct
• https://github.com/birdhan/Security_Product
• https://github.com/blackpars4x4/pentesting
• https://github.com/brchenG/carpedm20
• https://github.com/briskinfosec/Tools
• https://github.com/capisano/shellshock-scanner-chrome
• https://github.com/capture0x/XSHOCK
• https://github.com/carlosadrianosj/LAZY_NMAP_HUNTER
• https://github.com/carpedm20/awesome-hacking
• https://github.com/casjayhak/pentest
• https://github.com/catsecorg/CatSec-TryHackMe-WriteUps
• https://github.com/cgygdc/blog
• https://github.com/chanchalpatra/payload
• https://github.com/chuang76/writ3up
• https://github.com/cj1324/CGIShell
• https://github.com/cjphaha/eDefender
• https://github.com/clout86/Navi
• https://github.com/clout86/the-read-team
• https://github.com/corelight/bro-shellshock
• https://github.com/criticalstack/bro-scripts
• https://github.com/cscannell-inacloud/awesome-hacking
• https://github.com/cved-sources/cve-2014-6271
• https://github.com/cyberanand1337x/bug-bounty-2022
• https://github.com/cyberdeception/deepdig
• https://github.com/cyberharsh/Shellbash-CVE-2014-6271
• https://github.com/cyberintruder/ShellShockAttacker
• https://github.com/cyberwisec/pentest-tools
• https://github.com/czq945659538/-study
• https://github.com/d4redevilx/eJPT-notes
• https://github.com/d4redevilx/eJPTv2-notes
• https://github.com/dadglad/aawesome-security
• https://github.com/dannymas/FwdSh3ll
• https://github.com/darkcatdark/awesome-pentest
• https://github.com/dasekang/North-Korea-SW
• https://github.com/davidemily/Research_Topics
• https://github.com/demining/ShellShock-Attack
• https://github.com/derickjoseph8/Week-16-UCB-Homework
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/devhackrahul/Penetration-Testing-
• https://github.com/devkw/PentestDictionary
• https://github.com/dhaval17/ShellShock
• https://github.com/dinamsky/awesome-security
• https://github.com/dlitz/bash-cve-2014-6271-fixes
• https://github.com/dlitz/bash-shellshock
• https://github.com/dlorenc/shellshocked
• https://github.com/do0dl3/myhktools
• https://github.com/dobyfreejr/Project-2
• https://github.com/dokku-alt/dokku-alt
• https://github.com/dr4v/exploits
• https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking
• https://github.com/drerx/awesome-pentest
• https://github.com/drerx/awesome-web-hacking
• https://github.com/ducducuc111/Awesome-pentest
• https://github.com/e-hakson/OSCP
• https://github.com/ebantula/eHacking_LABS
• https://github.com/edsonjt81/Recursos-Pentest
• https://github.com/eduardo-paim/ShellTHEbest
• https://github.com/edwinmelero/Security-Onion
• https://github.com/ehackify/shockpot
• https://github.com/eljosep/OSCP-Guide
• https://github.com/ellerbrock/docker-tutorial
• https://github.com/enaqx/awesome-pentest
• https://github.com/erSubhashThapa/pentesting
• https://github.com/eric-erki/Penetration-Testing
• https://github.com/eric-erki/awesome-pentest
• https://github.com/eric-gitta-moore/Safety-Project-Collection
• https://github.com/ericlake/fabric-shellshock
• https://github.com/falocab/PayloadsAllTheThings
• https://github.com/fares-alkhalaf/BurbsuiteInArabic
• https://github.com/fedoraredteam/cyber-range-target
• https://github.com/feiteira2/Pentest-Tools
• https://github.com/foobarto/redteam-notebook
• https://github.com/francisck/shellshock-cgi
• https://github.com/fxschaefer/ejpt
• https://github.com/gabemarshall/shocknaww
• https://github.com/gauss77/LaboratoriosHack
• https://github.com/ghoneycutt/puppet-module-cve
• https://github.com/gipi/cve-cemetery
• https://github.com/giterlizzi/secdb-feeds
• https://github.com/gitter-badger/scripts-3
• https://github.com/gkhays/bash
• https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck
• https://github.com/gpoojareddy/Security
• https://github.com/greenmindlabs/docker-for-pentest
• https://github.com/gwyomarch/CVE-Collection
• https://github.com/gyh95226/Bypass007
• https://github.com/hacden/vultools
• https://github.com/hadrian3689/shellshock
• https://github.com/hailan09/Hacker
• https://github.com/hanmin0512/CVE-2014-6271_pwnable
• https://github.com/hannob/bashcheck
• https://github.com/hcasaes/penetration-testing-resources
• https://github.com/hecticSubraz/Network-Security-and-Database-Vulnerabilities
• https://github.com/hectorgie/PoC-in-GitHub
• https://github.com/heikipikker/shellshock-shell
• https://github.com/hellochunqiu/PayloadsAllTheThings
• https://github.com/hilal007/E-Tip
• https://github.com/himera25/web-hacking-list
• https://github.com/hktalent/TOP
• https://github.com/hktalent/myhktools
• https://github.com/hmlio/vaas-cve-2014-6271
• https://github.com/httpEduardo/ShellTHEbest
• https://github.com/huangzhe312/pentest
• https://github.com/huanlu/cve-2014-6271-huan-lu
• https://github.com/i-snoop-4-u/Refs
• https://github.com/iamramadhan/Awesome-Pentest
• https://github.com/iamramahibrah/awesome-penetest
• https://github.com/ibr2/awesome-pentest
• https://github.com/ido/macosx-bash-92-shellshock-patched
• https://github.com/ilismal/Nessus_CVE-2014-6271_check
• https://github.com/illcom/vigilant-umbrella
• https://github.com/indiandragon/Shellshock-Vulnerability-Scan
• https://github.com/infosecmahi/AWeSome_Pentest
• https://github.com/infosecmahi/awesome-pentest
• https://github.com/infoslack/awesome-web-hacking
• https://github.com/inspirion87/w-test
• https://github.com/internero/debian-lenny-bash_3.2.52-cve-2014-6271
• https://github.com/iqrok/myhktools
• https://github.com/isnoop4u/Refs
• https://github.com/j5inc/week9
• https://github.com/james-curtis/Safety-Project-Collection
• https://github.com/jblaine/cookbook-bash-CVE-2014-6271
• https://github.com/jbmihoub/all-poc
• https://github.com/jcollie/shellshock_salt_grain
• https://github.com/jdauphant/patch-bash-shellshock
• https://github.com/jeholliday/shellshock
• https://github.com/jerryxk/awesome-hacking
• https://github.com/jj1bdx/bash-3.2-osx-fix
• https://github.com/jmedeng/suriya73-exploits
• https://github.com/jottama/pentesting
• https://github.com/justone0127/Red-Hat-Advanced-Cluster-Security-for-Kubernetes-Operator-Installation
• https://github.com/justone0127/Red-Hat-Cluster-Security-for-Kubernetes-Operator-Installation
• https://github.com/justzx2011/bash-up
• https://github.com/kalivim/pySecurity
• https://github.com/kelleykong/cve-2014-6271-mengjia-kong
• https://github.com/kerk1/ShellShock-Scenario
• https://github.com/kgwanjala/oscp-cheatsheet
• https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
• https://github.com/kielSDeM/Black-Zero
• https://github.com/kinourik/hacking-tools
• https://github.com/kk98kk0/Payloads
• https://github.com/kowshik-sundararajan/CVE-2014-6271
• https://github.com/kraloveckey/venom
• https://github.com/ksw9722/PayloadsAllTheThings
• https://github.com/kxcode/kbash
• https://github.com/lethanhtrung22/Awesome-Hacking
• https://github.com/linchong-cmd/BugLists
• https://github.com/linuxjustin/Pentest
• https://github.com/linuxjustin/Tools
• https://github.com/liorsivan/hackthebox-machines
• https://github.com/liquidlegs/naths-hacking-walkthroughs
• https://github.com/lotusirous/vulnwebcollection
• https://github.com/louisdeck/empiricism
• https://github.com/loyality7/Awesome-Cyber
• https://github.com/lp008/Hack-readme
• https://github.com/mahyarx/pentest-tools
• https://github.com/majidkalantarii/WebHacking
• https://github.com/make0day/pentest
• https://github.com/maragard/genestealer
• https://github.com/marrocamp/Impressionante-pentest
• https://github.com/marrocamp/Impressionante-teste-de-penetra-o
• https://github.com/marrocamp/arsenal-pentest-2017
• https://github.com/marroocamp/Recursos-pentest
• https://github.com/mashihoor/awesome-pentest
• https://github.com/mattclegg/CVE-2014-6271
• https://github.com/matthewlinks/shellshock-Ansible
• https://github.com/meherarfaoui09/meher
• https://github.com/merlinepedra/HACKING2
• https://github.com/merlinepedra/nuclei-templates
• https://github.com/merlinepedra25/HACKING2
• https://github.com/merlinepedra25/nuclei-templates
• https://github.com/mhshafqat3/awesome-pentest
• https://github.com/milesbench/ShellshockScan
• https://github.com/minkhant-dotcom/awesome_security
• https://github.com/moayadalmalat/shellshock-exploit
• https://github.com/mochizuki875/CVE-2014-6271-Apache-Debian
• https://github.com/mostakimur/SecurityTesting_web-hacking
• https://github.com/mrhacker51/ReverseShellCommands
• https://github.com/mrigank-9594/Exploit-Shellshock
• https://github.com/mritunjay-k/CVE-2014-6271
• https://github.com/mubix/shellshocker-pocs
• https://github.com/mussar0x4D5352/rekall-penetration-test
• https://github.com/mwhahaha/ansible-shellshock
• https://github.com/nabaratanpatra/CODE-FOR-FUN
• https://github.com/natehardn/A-collection-of-Awesome-Penetration-Testing-Resources
• https://github.com/nevidimk0/PayloadsAllTheThings
• https://github.com/nikamajinkya/PentestEx
• https://github.com/nitishbadole/oscp-note-3
• https://github.com/njlochner/auto_vulnerability_tester
• https://github.com/nodenica/node-shellshock
• https://github.com/nodoyuna09/eHacking_LABS
• https://github.com/noname1007/PHP-Webshells-Collection
• https://github.com/noname1007/awesome-web-hacking
• https://github.com/notsag-dev/htb-shocker
• https://github.com/npm/ansible-bashpocalypse
• https://github.com/numenta/agamotto
• https://github.com/nvnpsplt/hack
• https://github.com/ohfunc/pwnable
• https://github.com/oncybersec/oscp-enumeration-cheat-sheet
• https://github.com/oneplus-x/Awesome-Pentest
• https://github.com/oneplus-x/Sn1per
• https://github.com/oneplus-x/jok3r
• https://github.com/oneplush/hacking_tutorials
• https://github.com/opragel/shellshockFixOSX
• https://github.com/opsxcq/exploit-CVE-2014-6271
• https://github.com/optiv/burpshellshock
• https://github.com/oscpname/OSCP_cheat
• https://github.com/oubaidHL/Security-Pack-
• https://github.com/ozkanbilge/Payloads
• https://github.com/pacopeng/paco-acs-demo
• https://github.com/paolokalvo/Ferramentas-Cyber-Security
• https://github.com/parveshkatoch/Penetration-Testing
• https://github.com/paulveillard/cybersecurity
• https://github.com/paulveillard/cybersecurity-ethical-hacking
• https://github.com/paulveillard/cybersecurity-hacking
• https://github.com/paulveillard/cybersecurity-penetration-testing
• https://github.com/paulveillard/cybersecurity-pentest
• https://github.com/paulveillard/cybersecurity-web-hacking
• https://github.com/pbr94/Shellshock-Bash-Remote-Code-Execution-Vulnerability-and-Exploitation
• https://github.com/pombredanne/VulnerabilityDBv2
• https://github.com/post-internet/about
• https://github.com/pr0code/web-hacking
• https://github.com/prasadnadkarni/Pentest-resources
• https://github.com/prince-7/CTF_Cheatsheet
• https://github.com/proclnas/ShellShock-CGI-Scan
• https://github.com/pwn4food/docker-for-pentest
• https://github.com/pwnGuy/shellshock-shell
• https://github.com/pwnlandia/shockpot
• https://github.com/qinguangjun/awesome-security
• https://github.com/r3p3r/awesome-pentest
• https://github.com/r3p3r/nixawk-awesome-pentest
• https://github.com/r3p3r/paralax-awesome-pentest
• https://github.com/r3p3r/paralax-awesome-web-hacking
• https://github.com/raimundojimenez/eHacking_LABS
• https://github.com/rajangiri01/test
• https://github.com/ramnes/pyshellshock
• https://github.com/ranjan-prp/PayloadsAllTheThings
• https://github.com/rashmikadileeshara/CVE-2014-6271-Shellshock-
• https://github.com/ravijainpro/payloads_xss
• https://github.com/readloud/ShellShockHunter-v1.0
• https://github.com/realCheesyQuesadilla/Research_Topics
• https://github.com/redteam-project/cyber-range-scenarios
• https://github.com/redteam-project/cyber-range-target
• https://github.com/renanvicente/puppet-shellshock
• https://github.com/retr0-13/awesome-pentest-resource
• https://github.com/revanmalang/OSCP
• https://github.com/ricedu/bash-4.2-patched
• https://github.com/riikunn1004/oscp-cheatsheet
• https://github.com/rjdj0261/-Awesome-Hacking-
• https://github.com/rmetzler/ansible-shellshock-fix
• https://github.com/rodolfomarianocy/OSCP-Tricks-2023
• https://github.com/roninAPT/pentest-kit
• https://github.com/rrmomaya2900/0dayWriteup-THM
• https://github.com/rrreeeyyy/cve-2014-6271-spec
• https://github.com/rsc-dev/cve_db
• https://github.com/rvolosatovs/mooshy
• https://github.com/ryancnelson/patched-bash-4.3
• https://github.com/ryeyao/CVE-2014-6271_Test
• https://github.com/ryuzee-cookbooks/bash
• https://github.com/sachinis/pentest-resources
• https://github.com/samba234/Sniper
• https://github.com/sardarahmed705/Pentest-Dictionary
• https://github.com/sardarahmed705/Pentesting
• https://github.com/sbilly/awesome-security
• https://github.com/sch3m4/RIS
• https://github.com/scottjpack/shellshock_scanner
• https://github.com/securusglobal/BadBash
• https://github.com/severnake/awesome-pentest
• https://github.com/sgxguru/awesome-pentest
• https://github.com/sharpleynate/A-collection-of-Awesome-Penetration-Testing-Resources
• https://github.com/shawntns/exploit-CVE-2014-6271
• https://github.com/shayezkarim/pentest
• https://github.com/shaynewang/exploits
• https://github.com/shildenbrand/Exploits
• https://github.com/shmilylty/awesome-hacking
• https://github.com/smartFlash/pySecurity
• https://github.com/snovvcrash/FwdSh3ll
• https://github.com/snoww0lf/ShellshockRCE
• https://github.com/sobinge/--1
• https://github.com/sobinge/PayloadsAllTheThings
• https://github.com/sobinge/PayloadsAllThesobinge
• https://github.com/sobinge/nuclei-templates
• https://github.com/somhm-solutions/Shell-Shock
• https://github.com/spy86/Security-Awesome
• https://github.com/stillHere3000/KnownMalware
• https://github.com/sulsseo/BSY-report
• https://github.com/sunnyjiang/shellshocker-android
• https://github.com/sv3nbeast/Attack-Notes
• https://github.com/t0m4too/t0m4to
• https://github.com/takuzoo3868/laputa
• https://github.com/tanjiti/sec_profile
• https://github.com/tardummy01/awesome-pentest-4
• https://github.com/teedeedubya/bash-fix-exploit
• https://github.com/testermas/tryhackme
• https://github.com/thanshurc/awesome-pentest
• https://github.com/thanshurc/awesome-web-hacking
• https://github.com/the-emmon/IPFire-RCE-exploit
• https://github.com/themson/shellshock
• https://github.com/thydel/ar-fix-bash-bug
• https://github.com/tilez8/cybersecurity
• https://github.com/tobor88/Bash
• https://github.com/touchmycrazyredhat/myhktools
• https://github.com/trapp3rhat/CVE-shellshock
• https://github.com/trhacknon/CVE-2014-6271
• https://github.com/trhacknon/Xpl-SHELLSHOCK-Ch3ck
• https://github.com/trhacknon/exploit-CVE-2014-6271
• https://github.com/trhacknon/myhktools
• https://github.com/tristan-spoerri/Penetration-Testing
• https://github.com/twseptian/vulnerable-resource
• https://github.com/txuswashere/OSCP
• https://github.com/txuswashere/Penetration-Testing
• https://github.com/u20024804/bash-3.2-fixed-CVE-2014-6271
• https://github.com/u20024804/bash-4.2-fixed-CVE-2014-6271
• https://github.com/u20024804/bash-4.3-fixed-CVE-2014-6271
• https://github.com/ulisesrc/ShellShock
• https://github.com/ulm1ghty/HackingGuide
• https://github.com/unixorn/shellshock-patch-osx
• https://github.com/unusualwork/Sn1per
• https://github.com/uoanlab/vultest
• https://github.com/val922/cyb3r53cur1ty
• https://github.com/vikasphonsa/waflz
• https://github.com/villadora/CVE-2014-6271
• https://github.com/vishalrudraraju/Pen-test
• https://github.com/w4fz5uck5/ShockZaum-CVE-2014-6271
• https://github.com/wangyi0127/SOSP_record
• https://github.com/wanirauf/pentest
• https://github.com/warriordog/little-log-scan
• https://github.com/watsoncoders/pablo_rotem_security
• https://github.com/wattson-coder/pablo_rotem_security
• https://github.com/webshell1414/hacking
• https://github.com/weeka10/-hktalent-TOP
• https://github.com/wenyu1999/bash-shellshock
• https://github.com/westcon3dlab/3dlab
• https://github.com/whitfieldsdad/epss
• https://github.com/windware1203/InfoSec_study
• https://github.com/winterwolf32/PayloadsAllTheThings
• https://github.com/winterwolf32/Penetration-Testing
• https://github.com/winterwolf32/awesome-web-hacking
• https://github.com/winterwolf32/awesome-web-hacking-1
• https://github.com/woltage/CVE-2014-6271
• https://github.com/wtsxDev/List-of-web-application-security
• https://github.com/wtsxDev/Penetration-Testing
• https://github.com/wwt9829/CSEC-742-Project
• https://github.com/x-o-r-r-o/PHP-Webshells-Collection
• https://github.com/x2c3z4/shellshock_crawler
• https://github.com/xbarnasp/Experimental-Testing-of-LSM
• https://github.com/xdistro/ShellShock
• https://github.com/xhref/OSCP
• https://github.com/xiaoy-sec/Pentest_Note
• https://github.com/xiduoc/Awesome-Security
• https://github.com/yanicklandry/bashfix
• https://github.com/yige666/awesome-pentest
• https://github.com/yllnelaj/awesome-pentest
• https://github.com/yojiwatanabe/NetworkAlarm
• https://github.com/yukitsukai47/PenetrationTesting_cheatsheet
• https://github.com/yumoL/cybersecurity-project2
• https://github.com/zalalov/CVE-2014-6271
• https://github.com/zeroch1ll/CodePathWeek9
• https://github.com/zgimszhd61/awesome-security
• https://github.com/zhang040723/web