Facbook Pixel


Test your server for the Shellshock vulnerability

After patching your server, run the following tests to make sure your server is safe from the Shellshock vulnerability.

Note: These tests work on all versions of Linux.

  1. Run the following command:
    cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
    A correctly-patched server will return:
    datecat: /tmp/echo: No such file or directory
  2. Run the following command:
    env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

    Clean servers' responses will vary depending on the BASH version, but you should see test near the the bottom of the output.

    Vulnerable servers' response will be vulnerable.

Warning: Your server must pass both tests to be considered safe from the bash vulnerability.