Shellshock Scanner Free for Everyone

We care a lot about our customers’ security and every time a new major vulnerability comes out, we have your back. With that, we want to let you know that we added a suite of tests for the recent Bash vulnerability known as Shellshock to the Tinfoil web application scanner last week.

Shellshock is a high-severity vulnerability that allows an attacker to run arbitrary code on a vulnerable server. It’s important that you run a full scan on your sites and update Bash on any that are vulnerable. If you are a customer on any of our paid plans, recent and future scans include these tests. If you’re using our free XSS-only plan, we’ve added the Shellshock tests to run with any of your scans through the end of the year.

For non-customers, feel free to sign up for a Tinfoil Security account. You’ll automatically be enrolled in a free 30 day trial of our Standard plan and post-trial you can always keep scanning your website for XSS for free! Once in a trial, any scan run will test your website for the Shellshock vulnerability. Please note that this does not include scans run from our homepage.

If you’re having any issues running scans or have any questions, we welcome your questions and feedback. Feel free to chat with us or email us at any time.


Angel Irizarry

Angel Irizarry is the Software Samurai of Tinfoil Security, and a self-proclaimed software purist. All he needs to do his best work is a plain Linux machine with Git and Emacs installed. He loves everything about front-end development, like making pages interactive and super fast, even if that means digging in and optimizing some SQL. When he's not writing code, which isn't very often, you'll find him on his iPad scouring his RSS feeds for news and rumors of cool new gadgets.

Tinfoil Security Blog

Tinfoil Security provides the simplest security solution. With Tinfoil Security, your site is routinely monitored and checked for vulnerabilities using a scanner that's constantly updated. Using the same techniques as malicious hackers, we systematically test all the access points, instantly notifying you when there's a threat and giving you step-by-step instructions, tailored to your software stack, to eliminate it. You have a lot to manage; let us manage your website's security.