A secure shell executor with policy enforcement

Project description

BearShell

A (relatively) secure and easy-to-use subprocess implementation for Python

BearShell is a Python class for executing shell commands securely with output streaming, injection risk protection, and support for command presets. This tool provides an easy-to-use interface while enforcing security policies and offering control over the commands executed.

Features

  • Secure Command Execution: Protects against common shell injection tactics.
  • Command Presets: Allows predefined command templates with substitution.
  • Output Streaming: Streams output line-by-line while capturing the entire result.
  • Allow-List and Block-List: Policies to restrict which commands can or cannot be executed.
  • Injection Risk Detection: Detects risky shell patterns like ;, &&, rm, and others.

Installation

  1. Clone the repository or install the class directly into your project.
  2. No dependencies outside the standard Python library.

Example Usage

from bearshell import BearShell

# Create BearShell object with a buffer limit of 5000 lines
shell = BearShell(max_buffer_lines=5000)

# Set allow-list of safe commands
shell.set_allow_list(["searchsploit", "nmap"])

# Set block-list of risky commands
shell.set_block_list(["rm", "shutdown"])

# Define a preset command for running searchsploit
shell.add_preset("search_exploit", ["searchsploit", "{query}"])

# Run the search_exploit preset with a query
response = shell.run_preset("search_exploit", query="apache")

# Output the response as a dictionary
print(response.to_dict())

# Run a custom command directly (this will be parsed and validated)
response = shell.run("nmap -p 80 192.168.1.1")

# Output the response
print(response.to_dict())

Command Response

The BearResponse returned by the run and run_preset methods contains:

  • start_time: Time when the command started.
  • end_time: Time when the command finished.
  • stdout: Standard output (captured during the command execution).
  • stderr: Standard error output.
  • error_message: An error message in case of a failure (e.g., injection risk or policy violation).

You can get the response in various formats:

  • Dictionary: response.to_dict()
  • JSON: response.to_json()

Policy Enforcement

Allow-List: Only allows commands listed in the allow-list to run.

Block-List: Blocks commands that are added to the block-list.

Injection Risk Detection: Automatically checks for dangerous patterns (e.g., rm, shutdown) and blocks commands with such patterns.
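
One way to implement the three checks above together with preset substitution, shown as an added example; it is not BearShell's source code, and PolicyError, check_policy, expand_preset and run are hypothetical names. It assumes the lists are matched against the program name (argv[0]) and that an empty allow-list permits any program that is not blocked.

```python
import shlex
import subprocess

# Shell metacharacters that chain, substitute or redirect ("&" also covers "&&").
RISKY_TOKENS = (";", "&", "|", "`", "$(", ">", "<", "\n")


class PolicyError(Exception):
    """Raised when a command violates the policy (hypothetical name)."""


def check_policy(command, allow_list, block_list):
    """Return the argv list for `command`, or raise PolicyError."""
    for token in RISKY_TOKENS:
        if token in command:
            raise PolicyError(f"injection risk: {token!r}")
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise PolicyError(f"unparseable command: {exc}") from exc
    if not argv:
        raise PolicyError("empty command")
    program = argv[0]
    # Exact match on the program name: a path such as ./nmap is not "nmap".
    if program in block_list:
        raise PolicyError(f"blocked command: {program}")
    if allow_list and program not in allow_list:
        raise PolicyError(f"not in allow-list: {program}")
    return argv


def expand_preset(template, **values):
    """Substitute placeholders per argv element so a value stays one argument."""
    argv = []
    for part in template:
        arg = part.format(**values)
        if arg != part and arg.startswith("-"):
            raise PolicyError(f"substituted value looks like an option: {arg!r}")
        argv.append(arg)
    return argv


def run(argv):
    # An argv list with no shell: metacharacters are never interpreted.
    return subprocess.run(argv, capture_output=True, text=True, check=False)
```

Because substitution happens per list element and the process is started without a shell, a query such as "apache; id" reaches the program as one literal argument rather than as a second command.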

Example Response Object

{
  "start_time": "2025-04-10T12:30:00",
  "end_time": "2025-04-10T12:30:05",
  "stdout": "Found exploit for Apache\n",
  "stderr": "",
  "error_message": null
}

Download files

Source Distribution

bearshell-0.1.0.tar.gz (3.3 kB)

Built Distribution

bearshell-0.1.0-py3-none-any.whl (3.3 kB)

File details

Details for the file bearshell-0.1.0.tar.gz.

File metadata

  • Download URL: bearshell-0.1.0.tar.gz
  • Size: 3.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for bearshell-0.1.0.tar.gz
Algorithm Hash digest
SHA256 f91dd5762e8c33cf5844de4700fdc8d9e3398a23efbfdc9450e29267f07a73b5
MD5 b90b53361d21688d03c7c98d3b8d8ea8
BLAKE2b-256 99eba9b8f9272948f243199e469e979feaf78b03dc94da864d4ca587720d800c

Provenance

The following attestation bundles were made for bearshell-0.1.0.tar.gz:

Publisher: python-publish.yml on breimers/bear-shell

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file bearshell-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: bearshell-0.1.0-py3-none-any.whl
  • Size: 3.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for bearshell-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b967e96d5d6ff16fc60c7162ede7b08b0e46d1b3c2f6bf883ff791a02c7357f0
MD5 ba77966c85f1115a42b9fb40c90db0c4
BLAKE2b-256 d5a7eafe2e473596967475ac12e63c61a3585e7fb9b970a0b005c56d3e4757ae

Provenance

The following attestation bundles were made for bearshell-0.1.0-py3-none-any.whl:

Publisher: python-publish.yml on breimers/bear-shell
