Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/gbleaney/python_security

This repository collects lists of security-relevant Python APIs, along with examples of exploits using those APIs.

Last synced: 12 days ago

# python_security

## Overview
This repository collects lists of security-relevant Python APIs, along with examples of exploits using those APIs. Currently it only contains remote code/command execution libraries.

## Usage

To work with the code in this repo, you must be in a virtual environment:

```
$ cd /path/to/python_security
$ python3.8 -m venv venv
$ source venv/bin/activate
(venv) $ pip3.8 install -r requirements.txt
```

### Interactive Server

You can launch the server to interactively play with the examples:

```
(venv) $ FLASK_APP=webapp.app.py FLASK_ENV=development flask run -h localhost -p 2121
```

This will let you generate payloads for arbitrary code, and run those payloads on your own machine.

### JSON Formatted Data

All the vulnerable functions covered by this repository are available in machine-readable format in `sinks.json`. `sinks.json` can be regenerated by running `scripts/generate_sink_list.py`.

### Testing

When adding a new exploit, you can validate it by running the tests:

```
(venv) $ python3 -m unittest
```

## Contributing

PRs are welcome. If you're looking for ideas, look at the "Future Work" section in `code_execution/README.md`. Before submitting an exploit, make sure to run the tests and include evidence of testing in the PR.