From efde6d16433189f7a93a8a93a9d844cbbf1f89b4 Mon Sep 17 00:00:00 2001
From: VakarisZ <vakarisz@yahoo.com>
Date: Thu, 6 Dec 2018 15:41:29 +0200
Subject: [PATCH] Shellshock exception handling

---
 monkey/infection_monkey/exploit/shellshock.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py
index b268371be..23880589a 100644
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@@ -202,8 +202,17 @@ class ShellShockExploiter(HostExploiter):
         if is_https:
             attack_path = 'https://'
         attack_path = attack_path + str(host) + ":" + str(port)
+        reqs = []
+        timeout = False
         attack_urls = [attack_path + url for url in url_list]
-        reqs = [requests.head(u, verify=False, timeout=TIMEOUT) for u in attack_urls]
+        for u in attack_urls:
+            try:
+                reqs.append(requests.head(u, verify=False, timeout=TIMEOUT))
+            except requests.Timeout:
+                timeout = True
+                continue
+        if timeout:
+            LOG.debug("Some connections timed out while sending request to potentially vulnerable urls.")
         valid_resps = [req for req in reqs if req and req.status_code == requests.codes.ok]
         urls = [resp.url for resp in valid_resps]