{"id":17235330,"url":"https://github.com/sethsec/pycodeinjection","last_synced_at":"2025-09-05T00:37:57.295Z","repository":{"id":46430842,"uuid":"72041999","full_name":"sethsec/PyCodeInjection","owner":"sethsec","description":"Automated Python Code Injection Tool","archived":false,"fork":false,"pushed_at":"2021-10-13T18:37:25.000Z","size":23,"stargazers_count":88,"open_issues_count":0,"forks_count":23,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-14T02:38:11.388Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sethsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-26T20:32:53.000Z","updated_at":"2025-03-17T19:16:05.000Z","dependencies_parsed_at":"2022-09-23T00:51:08.215Z","dependency_job_id":null,"html_url":"https://github.com/sethsec/PyCodeInjection","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sethsec/PyCodeInjection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2FPyCodeInjection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2FPyCodeInjection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2FPyCodeInjection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2FPyCodeInjection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sethsec","download_url":"https://codeload.github.com/sethsec/PyCodeInjection/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2FPyCodeInjection/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273695200,"owners_count":25151481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T05:33:03.467Z","updated_at":"2025-09-05T00:37:57.266Z","avatar_url":"https://github.com/sethsec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PyCodeInjection\n\nThe PyCodeInjection project contains two main components:\n\n1. **PyCodeInjectionShell** - A tool to exploit web application based Python Code Injection\n2. **PyCodeInjectionApp**  - A web application that is intentially vulnerable to Python Code Injection \n\nFor a more in depth background on what Python Code Injection you can read [this post](http://sethsec.blogspot.com/2016/11/exploiting-python-code-injection-in-web.html)\n\n# Installation\n``` \ngit clone https://github.com/sethsec/PyCodeInjection.git /opt/PythonCodeInjection\n```\n\n###Extra Step for PyCodeInjectionApp Installation\n\n```\ncd /opt/PythonCodeInjection/VulnApp\n./install_requirements.sh\n```\n\n# Usage\n\n###PyCodeInjectionShell\n```\nroot@playground:/opt/PyCodeInjection# python PyCodeInjectionShell.py -h\nUsage: python PyCodeInjectionShell.py -c command -p param -u URL\n       python PyCodeInjectionShell.py -c command -p param -r request.file\n\n\nOptions:\n  -h, --help    show this help message and exit\n  -c CMD        Enter the OS command you want to run at the command line\n  -i            Interactivly enter OS commands until finished\n  -u URL        Specify the URL. URLs can use * or -p to set injection point\n  -p PARAMETER  Specify injection parameter. This is used instead of *\n  -r REQUEST    Specify locally saved request file instead of a URL. Works\n                with * or -p\n```\n\n###PyCodeInjectionApp\n```\nroot@playground:/opt/PyCodeInjection/VulnApp# python PyCodeInjectionApp.py\nhttp://0.0.0.0:8080/\n192.168.81.1:12637 - - [02/Nov/2016 22:02:28] \"HTTP/1.1 POST /pyinject\" - 200 OK\n192.168.81.1:12639 - - [02/Nov/2016 22:02:37] \"HTTP/1.1 POST /pyinject\" - 200 OK\n192.168.81.1:12640 - - [02/Nov/2016 22:02:38] \"HTTP/1.1 POST /pyinject\" - 200 OK\n192.168.81.1:12641 - - [02/Nov/2016 22:02:39] \"HTTP/1.1 POST /pyinject\" - 200 OK\n192.168.81.1:12642 - - [02/Nov/2016 22:02:39] \"HTTP/1.1 POST /pyinject\" - 200 OK\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethsec%2Fpycodeinjection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsethsec%2Fpycodeinjection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethsec%2Fpycodeinjection/lists"}