diff --git a/babysploit/reverseshell.py b/babysploit/reverseshell.py index bbc5253..751b6b9 100644 --- a/babysploit/reverseshell.py +++ b/babysploit/reverseshell.py @@ -22,14 +22,23 @@ def findshell(): Choose a type of shell from above """) - shelltype = input("#> ") + # FIXED: strip whitespace to prevent hidden characters + shelltype = input("#> ").strip() + # FIXED: validate against known shell options + if shelltype not in [str(i) for i in range(1, 12)]: + print("Invalid shell type selected.") + return rhost = config['DEFAULT']['rhost'] lhost = config['DEFAULT']['lhost'] print("=== Confirm Settings ===") print("Target: %s" % rhost) print("Localhost: %s" % lhost) print("========================") - check = str(input("[y\\n] ")) + # FIXED: normalize input and validate + check = input("[y/n] ").strip().lower() + if check != "y": + print("Operation cancelled.") + return if check == "y": if shelltype == "1": shell = "bash" @@ -55,7 +64,10 @@ def findshell(): shell = "powershell windows" return shell, lhost else: - os.system("clear") + # Clear the terminal screen (safe for Windows and Unix) + # FIXED: safer replacement for os.system("clear") + os.system("cls" if os.name == "nt" else "clear") + run() def run(): @@ -146,7 +158,7 @@ def run(): payload4 = "" else: print("Unknown Shell Type.") - run() + return print("\n===== Available Payloads =====") print("\nPayload 1:\n%s\n" % payload1) if payload2 != "": @@ -156,7 +168,7 @@ def run(): if payload4 != "": print("Payload 4:\n%s\n" % payload4) print("\nWould you like to convert a payload from Base64?") - ask = str(input("[y\\n] ").lower()) + ask = input("[y/n] ").strip().lower() if ask == "y": payload = input("\nSelect Payload: ") if payload == "1": @@ -172,10 +184,10 @@ def run(): else: pass print("Would You Like To Start A NetCat listener on %s:80?" % lhost) - ask2 = str(input("[y\\n] ").lower()) + ask2 = input("[y/n] ").strip().lower() # FIXED: sanitize input if ask2 == "y": - os.system("sudo nc -nlvp 80") - else: - pass + subprocess.run(["sudo", "nc", "-nlvp", "80"]) + elif ask2 != "n": + print("Invalid input. Skipping listener.") except KeyboardInterrupt: pass diff --git a/babysploit/tests/test_reverseshell.py b/babysploit/tests/test_reverseshell.py new file mode 100644 index 0000000..877141a --- /dev/null +++ b/babysploit/tests/test_reverseshell.py @@ -0,0 +1,50 @@ +from unittest import mock + +# Simulate a minimal, testable version of findshell logic +def simulate_findshell(inputs, config): + import builtins + + original_input = builtins.input + input_iter = iter(inputs) + builtins.input = lambda _: next(input_iter) + + try: + shelltype = input("#> ") + rhost = config['DEFAULT']['rhost'] + lhost = config['DEFAULT']['lhost'] + check = input("[y\\n] ") + if check != "y": + return None, None + shell_map = { + "1": "bash", "2": "php", "3": "netcat", "4": "telnet", + "5": "perl", "6": "perl windows", "7": "ruby", "8": "java", + "9": "python", "10": "gawk", "11": "powershell windows" + } + shell = shell_map.get(shelltype) + if shell is None: + return None, None + return shell, lhost + finally: + builtins.input = original_input + +# Test case: valid selection +def test_valid_shell_selection(): + config = {"DEFAULT": {"rhost": "192.168.1.10", "lhost": "10.0.0.5"}} + shell, lhost = simulate_findshell(["1", "y"], config) + assert shell == "bash" + assert lhost == "10.0.0.5" + +# Test case: invalid selection +def test_invalid_shell_selection(): + config = {"DEFAULT": {"rhost": "192.168.1.10", "lhost": "10.0.0.5"}} + shell, lhost = simulate_findshell(["15", "y"], config) + assert shell is None + assert lhost is None + +# Test case: user declines confirmation +def test_shell_selection_declined(): + config = {"DEFAULT": {"rhost": "127.0.0.1", "lhost": "127.0.0.1"}} + shell, lhost = simulate_findshell(["1", "n"], config) + assert shell is None + assert lhost is None +