Automated Python Code Injection Tool
Python HTML Shell


The PyCodeInjection project contains two main components:

  1. PyCodeInjectionShell - A tool to exploit web application based Python Code Injection
  2. PyCodeInjectionApp - A web application that is intentionally vulnerable to Python Code Injection

For more in-depth background on what Python Code Injection is, you can read this post
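
The bug class both components revolve around, shown as an added example that is not code from the PyCodeInjection project: a handler that passes a request parameter to eval(), beside a hardened form that parses the parameter and accepts only arithmetic syntax nodes. The function names, and the assumption that the parameter is meant to carry an arithmetic expression, are hypothetical.

```python
# Added example; vulnerable_calc and safe_calc are hypothetical names,
# not taken from PyCodeInjectionApp.
import ast
import operator

def vulnerable_calc(param):
    # Injection point: eval() runs ANY Python expression in the parameter,
    # including function calls and attribute access.
    return eval(param)

_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

def safe_calc(param, max_len=100):
    """Evaluate arithmetic only; reject every other syntax node."""
    if len(param) > max_len:
        raise ValueError("input too long")
    try:
        tree = ast.parse(param, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not an expression") from exc

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
            return _UNARYOPS[type(node.op)](walk(node.operand))
        # Call, Attribute, Name, Subscript, Lambda, ... all land here.
        raise ValueError("disallowed syntax: " + type(node).__name__)

    return walk(tree)

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["2 * (3 + 4)", "max(1, 2)", "(1).real"]:
        try:
            print(sample, "->", safe_calc(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Exponentiation is left out of the allow-list on purpose, since a short input such as a chained power can consume unbounded CPU and memory.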


git clone /opt/PythonCodeInjection

Extra Step for PyCodeInjectionApp Installation

cd /opt/PythonCodeInjection/VulnApp



root@playground:/opt/PyCodeInjection# python -h
Usage: python -c command -p param -u URL
       python -c command -p param -r request.file

  -h, --help    show this help message and exit
  -c CMD        Enter the OS command you want to run at the command line
  -i            Interactivly enter OS commands until finished
  -u URL        Specify the URL. URLs can use * or -p to set injection point
  -p PARAMETER  Specify injection parameter. This is used instead of *
  -r REQUEST    Specify locally saved request file instead of a URL. Works
                with * or -p


root@playground:/opt/PyCodeInjection/VulnApp# python
- - [02/Nov/2016 22:02:28] "HTTP/1.1 POST /pyinject" - 200 OK
- - [02/Nov/2016 22:02:37] "HTTP/1.1 POST /pyinject" - 200 OK
- - [02/Nov/2016 22:02:38] "HTTP/1.1 POST /pyinject" - 200 OK
- - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK
- - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK