This article mainly exists for me to point people at it. If you come across it, I still hope you find it useful ! Also note that this article focuses on Linux because I don’t know anyone doing offsec on something else. Use whatever you want as an OS, but if you want to do hacking, please install Exegol or set up a Kali VM, it’ll save you trouble !
I sometimes get people who start hacking without a dev background and ask how to run a POC for a CTF or a CVE exploit. In this very short article we’ll see how to set up a Virtual Environment with pip or uv and run the code.
In CTFs and HTB, GitHub/GitLab/Codeberg POCs are everywhere. But they usually rely on dependencies (because why reinvent the wheel when you can build it 🥁 … got the joke ? no ? nevermind). These dependencies can lead to conflicts with the ones installed by the OS. Thus, the fastest way to get one such POC running without risking breaking your system is to set up a Virtual Environment once you have cloned the repo.
Prerequisites
- Git
- Python 3.8+
- (Optional but great to use) uv – install with
curl -LsSf https://astral.sh/uv/install.sh | sh
Step 1: Clone the POC
git clone <REPO_URL>
cd repo-name
Pro tip: Speed up 90 % of clones with a shallow copy:
git clone --depth 1 https://github.com/user/repo-name.git
(You almost never need full history for an exploit.)
This is the point where you should read the code and make sure it is only doing what you want. While you’re at it, make a stop and cat README.md immediately. It usually tells you the exact Python version, extra system packages (apt install ...), or case-by-case installation steps that this guide would not cover.
Step 2: Create a Virtual Environment
In a nutshell, Python virtual environments help decouple and isolate Python installs and associated pip packages. This allows end-users (hey, that’s you !) to install and manage their own set of packages that are independent of those provided by the system or used by other projects.
In words of one syllable: several Pythons so we don’t break the system’s Python (usually a great idea)
With pip
pip is Python’s package manager, and it can natively create virtual environments:
python3 -m venv <DIR-NAME> # This creates the <DIR-NAME> directory with all the required data for a venv
source <DIR-NAME>/bin/activate # This gets us in the "context" of the virtual environment
pip install -r requirements.txt
With uv : faster, cooler 😎
The uv tool is a high-speed package and project manager for Python written in Rust. It’s especially useful when you need a specific version of Python (see an example in this write-up):
uv venv # This creates the .venv directory by default with all the required data for a venv
source .venv/bin/activate # This gets us in the "context" of the virtual environment
uv pip install -r requirements.txt
uv super-tips:
- Force a specific Python: uv venv --python 3.12
- Downloads the interpreter if missing: uv python install 3.12
- Use uv pip sync requirements.txt to exactly sync the environment
If the project does not include a requirements.txt
The requirements.txt file lists the 3rd party libraries needed in an easy-to-install way. If the original author of the code did not provide one, check whether:
- perhaps the code does not use any 3rd party library (for a local-only parser for instance)
- perhaps the dependencies are listed in the readme, in which case you can use (uv) pip install <PACKAGE_NAME>, so for instance: uv pip install pwntools requests beautifulsoup4
- if all else failed, just look at the start of the code or grep for import in the code.
Note that sometimes system libraries will be missing rather than Python ones. In this case you need to install them with apt (or dnf, pacman…)
Step 3: Run the script
Make sure you read the readme.md before and understand what the tool does to avoid “Oops this drops the database” moments.
python exploit.py -h # or whatever the main script is called
Deactivate when done
Once you are done with the script remember to leave the virtual environment :
deactivate
Happy hacking — go pop those boxes! 🚩