M4cs · adjusic · May 23, 2025
diff --git a/babysploit/reverseshell.py b/babysploit/reverseshell.py
@@ -22,14 +22,23 @@ def findshell():
 
                 Choose a type of shell from above
         """)
-        shelltype = input("#> ")
+        # FIXED: strip whitespace to prevent hidden characters
+        shelltype = input("#> ").strip() 
+        # FIXED: validate against known shell options
+        if shelltype not in [str(i) for i in range(1, 12)]:
+            print("Invalid shell type selected.")
+            return
         rhost = config['DEFAULT']['rhost']
         lhost = config['DEFAULT']['lhost']
         print("=== Confirm Settings ===")
         print("Target: %s" % rhost)
         print("Localhost: %s" % lhost)
         print("========================")
-        check = str(input("[y\\n] "))
+        # FIXED: normalize input and validate
+        check = input("[y/n] ").strip().lower()
+        if check != "y":
+            print("Operation cancelled.")
+            return
         if check == "y":
             if shelltype == "1":
                 shell = "bash"
@@ -55,7 +64,10 @@ def findshell():
                 shell = "powershell windows"
             return shell, lhost
         else:
-            os.system("clear")
+            # Clear the terminal screen (safe for Windows and Unix)
+            # FIXED: safer replacement for os.system("clear")
+            os.system("cls" if os.name == "nt" else "clear") 
+
             run()
 
     def run():
@@ -146,7 +158,7 @@ def run():
             payload4 = ""
         else: 
             print("Unknown Shell Type.")
-            run()
+            return
         print("\n===== Available Payloads =====")
         print("\nPayload 1:\n%s\n" % payload1)
         if payload2 != "":
@@ -156,7 +168,7 @@ def run():
         if payload4 != "":
             print("Payload 4:\n%s\n" % payload4)
         print("\nWould you like to convert a payload from Base64?")
-        ask = str(input("[y\\n] ").lower())
+        ask = input("[y/n] ").strip().lower()
         if ask == "y":
             payload = input("\nSelect Payload: ")
             if payload == "1":
@@ -172,10 +184,10 @@ def run():
         else:
             pass
         print("Would You Like To Start A NetCat listener on %s:80?" % lhost)
-        ask2 = str(input("[y\\n] ").lower())
+        ask2 = input("[y/n] ").strip().lower()  # FIXED: sanitize input
         if ask2 == "y":
-            os.system("sudo nc -nlvp 80")
-        else:
-            pass
+            subprocess.run(["sudo", "nc", "-nlvp", "80"])
+        elif ask2 != "n":
+            print("Invalid input. Skipping listener.")
 except KeyboardInterrupt:
     pass
diff --git a/babysploit/tests/test_reverseshell.py b/babysploit/tests/test_reverseshell.py
@@ -0,0 +1,50 @@
+from unittest import mock
+
+# Simulate a minimal, testable version of findshell logic
+def simulate_findshell(inputs, config):
+    import builtins
+
+    original_input = builtins.input
+    input_iter = iter(inputs)
+    builtins.input = lambda _: next(input_iter)
+
+    try:
+        shelltype = input("#> ")
+        rhost = config['DEFAULT']['rhost']
+        lhost = config['DEFAULT']['lhost']
+        check = input("[y\\n] ")
+        if check != "y":
+            return None, None
+        shell_map = {
+            "1": "bash", "2": "php", "3": "netcat", "4": "telnet",
+            "5": "perl", "6": "perl windows", "7": "ruby", "8": "java",
+            "9": "python", "10": "gawk", "11": "powershell windows"
+        }
+        shell = shell_map.get(shelltype)
+        if shell is None:
+            return None, None
+        return shell, lhost
+    finally:
+        builtins.input = original_input
+
+# Test case: valid selection
+def test_valid_shell_selection():
+    config = {"DEFAULT": {"rhost": "192.168.1.10", "lhost": "10.0.0.5"}}
+    shell, lhost = simulate_findshell(["1", "y"], config)
+    assert shell == "bash"
+    assert lhost == "10.0.0.5"
+
+# Test case: invalid selection
+def test_invalid_shell_selection():
+    config = {"DEFAULT": {"rhost": "192.168.1.10", "lhost": "10.0.0.5"}}
+    shell, lhost = simulate_findshell(["15", "y"], config)
+    assert shell is None
+    assert lhost is None
+
+# Test case: user declines confirmation
+def test_shell_selection_declined():
+    config = {"DEFAULT": {"rhost": "127.0.0.1", "lhost": "127.0.0.1"}}
+    shell, lhost = simulate_findshell(["1", "n"], config)
+    assert shell is None
+    assert lhost is None
+