Downloading files from the command line is routine tasks for most security professionals. For defenders, the Windows Schedule, SIM management interfaces, Web interfaces for appliances often allow you to schedule a single command for execution. The offensive folks who exploit a command injection vulnerability often need a simple way to download and execute code in a single line. Or perhaps your just need a simple, cross platform, line of code to add to your existing management script. In all of these situations, having a single cross platform command you can run to download files form the internet is essential. If there is a Python interpreter on your system you can easily download files with the following one line command.
python -c 'import urllib2;print urllib2.urlllopen("http://<url to download>").read()' | tee /tmp/<local filename to write>
If you want to execute the code after the download you just need to add a semicolon and execute the command.
python -c 'import urllib2;print urllib2.urlllopen("http://<url to download>").read()' | tee /tmp/<local filename to write> ; /tmp/<local filename to execute>
The script shown is compatible with Python 2 and won't work on systems that have Python 3 as the default Python interpreter. Today the majority of systems, in compliance with PEP 394, still use Python 2 as the default interpreter, but it won't be too much longer before Python 3 is the default. If you are unsure which version of Python your system is using you can run the following command to check.
$ python --version Python 2.7.12
For those running Python 3, here is a script you can use to that is compatible with your system.
python3 -c 'import urllib.request; urllib.request.urlretrieve("http://<url to download","/tmp/<local filename>")'
