Merge pull request #224 from VakarisZ/shellshock_timeout_handling

Shellshock timeout exception handling

monkey/infection_monkey/exploit/shellshock.py

@@ -202,8 +202,17 @@ class ShellShockExploiter(HostExploiter):
         if is_https:
             attack_path = 'https://'
         attack_path = attack_path + str(host) + ":" + str(port)
+        reqs = []
+        timeout = False
         attack_urls = [attack_path + url for url in url_list]
-        reqs = [requests.head(u, verify=False, timeout=TIMEOUT) for u in attack_urls]
+        for u in attack_urls:
+            try:
+                reqs.append(requests.head(u, verify=False, timeout=TIMEOUT))
+            except requests.Timeout:
+                timeout = True
+                break
+        if timeout:
+            LOG.debug("Some connections timed out while sending request to potentially vulnerable urls.")
         valid_resps = [req for req in reqs if req and req.status_code == requests.codes.ok]
         urls = [resp.url for resp in valid_resps]