Ever since the shellshock vulnerability has been announced, we have seen a large number of scans probing it. Here is a quick review of exploits that our honeypots and live servers have seen so far:

1 - Simple "vulnerability checks" that used custom User-Agents:
2 - Bots using the shellshock vulnerability:
3 - Vulnerability checks using multiple headers:
4 - Using Multiple headers to install perl reverse shell

To learn more, check this link ! 
http://cur.lv/el7ml