cgi-bin directory If you find a web that has the directory cgi-bin, you can try this command to check for ShellShock vulnerability: nikto -h IP_HOST