The best way to test for the Shellshock vulnerability is to do a credentialed local check against the Unix/Linux distribution. Nessus contains a number of plugins that make sure the operating system is patched. The most prevalent attack vector is through a web server hosting a script in /cgi-bin or via Server Side Includes. There are variations of the initial Shellshock attack vector which evade the first patch releases. As time goes by, it’s likely that other attack vectors will be found, and we will work hard to keep Nessus plugins updated.
Source: https://www.tenable.com/blog/hunting-for-shellshock-using-nessus