Skip to content
/ DependencyConfusion Public

This package implements a test for Dependency Confusion using pip.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mauricelambert/DependencyConfusion

BranchesTags

Repository files navigation

DependencyConfusion

Description

This package implements a test for Dependency Confusion using pip.

  1. The version 0.0.2 is available on test.pypi.org.
  2. The version 0.0.2 and 666 are available on pypi.org.
  3. In the scenario you want to install version 0.0.2 available on test.pypi.org and you use the pip --extra-index-url option to install it.
  4. During installation, a window will open to tell you which version is being installed... theoretically version 666 available on pypi.org will be installed if your pip version is vulnerable to dependency confusion.

Requirements

This package require:

  • python3
  • python3 Standard Library

Installation

pip install --extra-index-url https://test.pypi.org/simple/ DependencyConfusion

Links

Licence

Licensed under the GPL, version 3.

About

This package implements a test for Dependency Confusion using pip.

Topics

dependency-manager attack pypi python3 pip poc vulnerability demonstration dependency-confusion

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages