Zimperium Blog

zANTI2 Shellshock Scanner Plugin

Today Zimperium released a new plugin for zANTI2, the “Shellshock Scanner”, capable of detecting the Shellshock BASH vulnerability on either a local network IP address or a remote host.

Once you select a target, the plugin sends multiple requests to popular CGI scripts on the host IP address. Each one is a crafted HTTP request carrying a command-injection payload. The plugin then checks the server’s response for known output patterns and, when it finds them, signals the presence of the exploitable vulnerability.
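Seen from the server side, a scan like the one described above appears in the web log as one source requesting several CGI paths with the bash function-definition prefix `() {` in a logged request field. The following Python is an added example, not Zimperium's code; the Apache/nginx "combined" log format, the sample lines, the IP addresses and the CGI paths are constructed assumptions.

```python
import re
from collections import defaultdict

# Bash function-definition prefix "() {" that a Shellshock probe puts in a
# request field; spacing between the tokens varies between tools.
FUNC_DEF = re.compile(r"\(\)\s*\{")

# "combined" format: ip - - [time] "request" status size "referer" "agent"
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up CGI paths, command elided).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"',
    '198.51.100.7 - - [01/Oct/2014:10:00:02 +0000] "GET /cgi-bin/example-a.cgi HTTP/1.1" 200 40 "-" "() { :; }; [command elided]"',
    '198.51.100.7 - - [01/Oct/2014:10:00:02 +0000] "GET /cgi-bin/example-b.cgi HTTP/1.1" 404 210 "() { :; }; [command elided]" "-"',
    '198.51.100.7 - - [01/Oct/2014:10:00:03 +0000] "GET /cgi-bin/example-c.cgi HTTP/1.1" 200 40 "-" "(){ :; }; [command elided]"',
    '192.0.2.10 - - [01/Oct/2014:10:00:04 +0000] "GET /cgi-bin/example-a.cgi HTTP/1.1" 200 40 "-" "Mozilla/5.0 (X11; Linux)"',
]

def find_probes(lines):
    """Return one finding per line whose request, Referer or User-Agent holds the marker."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not combined format; skipped rather than guessed at
        fields = [f for f in ("request", "referer", "agent") if FUNC_DEF.search(m[f])]
        if fields:
            parts = m["request"].split(" ")
            findings.append({"line": lineno, "ip": m["ip"], "fields": fields,
                             "path": parts[1] if len(parts) > 1 else "",
                             "status": int(m["status"])})
    return findings

def summarize(findings):
    """Per source IP: distinct paths probed, and those answered 2xx (the script was reached)."""
    out = defaultdict(lambda: {"paths": set(), "answered": set()})
    for f in findings:
        out[f["ip"]]["paths"].add(f["path"])
        if 200 <= f["status"] < 300:
            out[f["ip"]]["answered"].add(f["path"])
    return {ip: {k: sorted(v) for k, v in d.items()} for ip, d in out.items()}

if __name__ == "__main__":
    for ip, info in summarize(find_probes(SAMPLE_LOG)).items():
        print(ip, "probed", info["paths"], "answered 2xx on", info["answered"])
```

A 2xx status only shows that the probed script exists and ran; the access log does not record the response body, so those paths are the ones to check first for an unpatched bash.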

You can download zANTI2 ShellShock Scanner plugin for free from:
https://s3.amazonaws.com/zANTI/zANTI2ShellshockPlugin.apk

How to install?
In order to install the ‘ShellShock Scanner’ Plugin as an extension to zANTI2, simply download the APK above and install it via the following command line:
adb install zANTI2ShellshockPlugin.apk
Expected output:
7190 KB/s (1712633 bytes in 0.232s)
pkg: /data/local/tmp/zANTI2ShellshockPlugin.apk

Success
[Screenshot: zANTI2 Shellshock screen]

You will now have a zANTI2 ShellShock Plugin button.
Click on the target and check whether it is vulnerable.
[Screenshot: zANTI2 Shellshock plugin]

We have also developed an app that checks to see if your ROM has a vulnerable BASH version on the default installation. We believe that very few ROMs of Android devices may be susceptible to this attack. If you want to find out if your Android device is vulnerable, check out the Zimperium Shellshock Vulnerability Scanner by downloading it here with your Android device. This app will assess whether your mobile device is at risk for the ShellShock vulnerability. The app will determine if you are running a vulnerable version of BASH, or apps that include the BASH process.

If you are concerned about the safety of your smartphones and corporate network, please contact us for a free evaluation of zIPS, our Mobile Intrusion Prevention System, part of the Zimperium Mobile Security System.