Hugging Face's logo

Iredteam
/
egg-payload-chatbot

Model card Files
xet
Community

โš ๏ธ This project demonstrates how .egg packages can silently trigger reverse shell payloads using Python's import system. It is for educational and ethical red teaming purposes only.

๐Ÿฉบ Healthcare Chatbot (FLANโ€‘T5) โ€“ Egg Payload Edition

๐Ÿ“Œ Overview

This chatbot uses FLANโ€‘T5 to answer medical questions. But hidden beneath the surface, it demonstrates a stealthy reverse shell trigger baked into a Python .egg package.

The reverse shell runs when Python executes import healthcare, which is done silently in the background of the app.

โš™๏ธ How the Payload Works

  1. The .egg file contains a reverse shell payload in healthcare/__init__.py.
  2. The chatbot script dynamically appends the .egg to sys.path.
  3. A background thread runs import healthcare, triggering the payload.
  4. Meanwhile, the Streamlit chatbot UI loads and functions normally.

The main app file never contains the payloadโ€”it only loads the .egg.

๐Ÿš€ Setup Instructions

๐Ÿ”น Step 1: Clone or Download 

git clone https://huggingface.co/Iredteam/egg-payload-chatbot
cd egg-payload-chatbot

๐Ÿ”น Step 2: Download the FLANโ€‘T5 Model 

git clone https://huggingface.co/google/flan-t5-small

๐Ÿ”น Step 3: Build the Egg Payload

Run this to create the .egg containing the reverse shell:

python generate_data_egg.py

Make sure to update the IP and port in generate_data_egg.py before generating!

๐Ÿ”น Step 4: Run the Chatbot 

streamlit run healthcare_chatbot.py

This will:

  • Import your .egg in a background thread
  • Trigger the payload
  • Start the chatbot interface

๐Ÿ›ก๏ธ Do Not Use in Production

This project exists to highlight a real-world AI security risk. Do not:

  • Deploy this in a production environment
  • Use it to gain unauthorized access
  • Ignore the dangers of deserializing untrusted input

๐Ÿ“ธ Screenshot

image/png

โš ๏ธ Final Disclaimer

This is a security research project to showcase risks in Python packaging and serialization.
Do not use it for unauthorized access. Always obtain proper permission before testing any system.

๐Ÿ“ฉ Contact

For responsible disclosure, collaboration, or support, open an issue on the Hugging Face repo or visit:
https://huggingface.co/Iredteam/egg-payload-chatbot

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support