Skip to main content

A personal HTTP server for serving one-time-use bash scripts

Project description

A personal HTTP server for serving one-time-use bash scripts (think installers)

You know all those docs for cool dev tools that start out by telling you to install their software in one line, like this?

bash <(curl -s http://example.com/install.sh)

I call that a curl bomb… I don’t know if anyone else does.

This script is an HTTP server that will serve that script to a client exactly once and then quit. Yea, you could just use “python -m http.server”, really this is just a bit more than that.

Example Use

Serve a script stored in a file:

curlbomb /path/to/script

This outputs a curl command to run the script on aanother computer:

Client command:

  bash <(curl http://10.13.37.133:47601 -H "X-knock: c19fed96a78844b982053448e44060f9")

You can also pipe in scripts:

cat /path/to/script | curlbomb

Or from shell scripts:

cat <<EOF | curlbomb
#!/bin/bash
echo "I'm a script output from another script on another computer"
EOF

The shebang line is interpreted and automatically changes the curlbomb command:

cat <<EOF | curlbomb
#!/usr/bin/env python3
import this
print("Hello, from Python!")
EOF

Which outputs the following curlbomb, tailored for Python:

/usr/bin/env python3 <(curl http://10.13.37.133:55298 -H "X-knock: 3b4bc96e29754238a30c286d1c8173c7")

You can also get the curl without the bomb by specifying –survey, which only outputs the inner curl command.

Command Line Args

usage: curlbomb [-h] [-k] [-n NUM_GETS] [-p PORT] [-q] [-c COMMAND]
                [--ssl CERTIFICATE] [--mime-type MIME_TYPE] [--survey]
                [FILE]

curlbomb

positional arguments:
  FILE                  File to serve (default: <_io.TextIOWrapper
                        name='<stdin>' mode='r' encoding='UTF-8'>)

optional arguments:
  -h, --help            show this help message and exit
  -k, --disable-knock   Don't require authentication (no X-knock header)
                        (default: False)
  -n NUM_GETS           Number of times to serve resource (default: 1)
  -p PORT               TCP port number to use (default: random)
  -q                    Be quiet (default: False)
  -c COMMAND            The the shell command to curlbomb into (default: AUTO)
  --ssl CERTIFICATE     Use SSL with the given certificate (default: None)
  --mime-type MIME_TYPE
                        The content type to serve the file as (default:
                        text/plain)
  --survey              Just a survey mission, no bomb run (default: False)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

curlbomb-1.0.8.tar.gz (6.7 kB view details)

Uploaded Source

File details

Details for the file curlbomb-1.0.8.tar.gz.

File metadata

  • Download URL: curlbomb-1.0.8.tar.gz
  • Upload date:
  • Size: 6.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for curlbomb-1.0.8.tar.gz
Algorithm Hash digest
SHA256 6cc3ddb69708b5a7c39417f487265b7ca6af778ae6d6ed1eb6c1993e8a8053d7
MD5 40a643d403702d86a5c9b72a885c1194
BLAKE2b-256 a587fa96c8000957d2c5a001b7f82c063cf168708df3b19433cc5cfa01f45136

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page