From 174c74cbcb4761ebd1a217187b8d10b2b187b6b4 Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Thu, 28 Sep 2017 14:43:08 +0300 Subject: [PATCH] Temporarily disable shellshock reporting its vulnerable pages --- chaos_monkey/exploit/shellshock.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/chaos_monkey/exploit/shellshock.py b/chaos_monkey/exploit/shellshock.py index 69df6abb3..80246c1d4 100644 --- a/chaos_monkey/exploit/shellshock.py +++ b/chaos_monkey/exploit/shellshock.py @@ -64,7 +64,8 @@ class ShellShockExploiter(HostExploiter): # we want to report all vulnerable URLs even if we didn't succeed # let's overload this - [self.report_vuln_shellshock(host, url) for url in exploitable_urls] + # TODO: uncomment when server is ready for it + # [self.report_vuln_shellshock(host, url) for url in exploitable_urls] # now try URLs until we install something on victim for _, url, header, exploit in exploitable_urls: