
@izabera
Created August 12, 2025 03:00
ai reviews my mini webserver

i needed to share a single file so i wrote a quick webserver in bash like any normal person would. it supports head and get, which was all i needed. as far as i'm aware it doesn't misbehave too badly

then i showed it to a bunch of extremely smart phd level agi bots that are going to replace us all and asked them to review it and point out any flaws

what follows is a non comprehensive list of replies in no particular order. for fun you can guess which model said what

an attacker that can start the server can use it to cat /dev/random

this supposedly allows attackers to traverse paths

extremely serious issue only thwarted by the fact that that's not how ncat works

this server never actually worked because you forgot to export the thing

pretty much all bots got really excited by the possibility of reading files

not how anything works

go away you haxxor i'm not gonna help you break into this super secure server

not how quoting works in a shell

you should use this more robust method that breaks if you have a : in the name

slow data that arrives long after the script has exited

tbh this just shows how valuable the cvss scoring system is

your code is vulnerable if you change it to make it vulnerable

it doesn't refuse to run as root which is a major security issue

filename doesn't end up in the headers

your script should return 404 when it can't find a file to avoid disclosing that it couldn't find it

not using https is enough for a 6.5

restarting ncat on every connection seems counterproductive

i am aware that python's http.server is very easy to use, and so is nginx, and so is every other server really, but this was 6 lines of code that i wrote to share a log file with a friend

it's a silly project not intended for production use. i couldn't immediately break it, so i asked some people and some ai thingies (pretty much all the relevant ones in august 2025) to have a look

the ai results ranged from irrelevant, to nonsensical, to just laughably bad. there was a lot more but this is enough to convey my point. the human results ranged from "lol" to "why not just use..." to "pls dont"

in fairness to the bots, a lot of them did point out that this isn't hard to dos. just spawn a billion connections! ncat has a --max-conns option to address this, but there's already a read timeout and i couldn't be arsed to find a value that made sense for just running cat on a 100kb file. remember to pick a good one before deploying the next facebook on this

this was quite a few bots that are being sold as agi with all the thinking settings maxed out etc. overall i feel like i gave them a fair try, but they only managed to produce an endless stream of completely made up vulnerabilities. this is not what an expert would come up with

it's probably my fault tho. i am old and grumpy. i should have prompted better, or used the even newer models, or maybe i should just write react instead or possibly tailwind css? but you're absolutely right to point this out. let me try a completely different approach...

wesen commented Aug 12, 2025

gpt-5 is kinda scary, i must admit: https://gist.github.com/wesen/bf9c7e598a730625047db43e98bc0481

prompt: "review the webserver in this script, think extremely hard"

izabera commented Aug 13, 2025

@wesen

high / critical
ncat -e backdoor primitive. Anything that reads from the network and is exec’d per connection is a red-team favorite. One parsing mistake becomes RCE. Many distros disable -e for this reason. If this is ever internet-exposed, assume it’ll get hammered. Prefer --sh-exec with a fixed command or avoid -e entirely.

complete nonsense. why would --sh-exec be preferable???? and i'm aware of distros shipping a nc without -e, but i checked and i couldn't find any distro that disables ncat -e

World-bind by default. ncat -kl "${2}" listens on all interfaces. If you meant “local dev only,” you just published a file to the world. Bind explicitly (e.g., -l 127.0.0.1) or firewall it.

this is correct!!! it turns out you do need to bind like that to be reachable via the internet

Header injection via filename (CR/LF). Line 4 uses: type=$(file --mime-type --mime-encoding -r -- "$TARGETFILE") then printf ... "${type/"$TARGETFILE"/Content-Type}" ... Because of -r, file prints the raw filename. Unix allows newlines in filenames. If $TARGETFILE contains \n or \r\n, your printf will emit extra header lines (response-splitting). Even though the attacker can’t change $TARGETFILE over HTTP, this is a sharp edge if the served path is untrusted (uploaded file, symlink, etc.). Easiest harden: don’t embed the name—use file -b to get just the MIME pieces and format the header yourself.

nonsense as printf doesn't ever get passed the filename

medium
Unbounded concurrency / easy DoS. -k + fork per connection means a burst of connects spawns a lot of shells and file processes. The read -t1 limits slowloris somewhat, but you can still exhaust fds/CPU. Cap with --max-conns, run behind a rate-limiting reverse proxy, or drop -k.

this one is spot on!!!!! good job gpt 5 👍

Cleartext by default. If this ever crosses an untrusted network, it’s trivially sniffable/modified. Use --ssl (or terminate TLS elsewhere) if confidentiality/integrity matters.

very good again!!! who knows what an attacker might discover

libmagic attack surface. Calling file on untrusted content has had CVEs. If the file can be attacker-supplied, this brings that risk into your request path.

also correct! however the file is not attacker supplied

low / correctness / hygiene
Over-strict path handling. Anything except exactly / drops the connection (no 4xx). Not a vuln, just behavior that can confuse clients/tools.

correct again!! this bot is on a roll!

Filename pattern edge cases. The ${type/"$TARGETFILE"/Content-Type} uses shell pattern matching on the pattern. If the filename contains glob chars like * or [], the replacement could match more than intended. It still only affects the header line, but it’s brittle.

nonsense because it's quoted. streak broken 😢


just incredible work by gpt 5. final score: agi/10
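The two disputed items above (CR/LF in the filename reaching printf, and glob characters in `${type/"$TARGETFILE"/Content-Type}`) both hinge on how bash treats a quoted pattern in `${var/pattern/repl}`. The following is an added example, not the gist's script and not part of either comment: it replaces `file -r` with a constructed function that mimics its raw-filename output, then runs the header substitution with the pattern quoted (as in the gist) and unquoted (the variant the warnings would actually require).

```bash
#!/usr/bin/env bash
# Added example: quoted vs unquoted pattern in bash's ${var/pattern/repl},
# applied to the Content-Type header construction discussed in the thread.

# Constructed stand-in for `file --mime-type --mime-encoding -r -- "$1"`.
# With -r, file prints the file name raw (no escaping), then the MIME info.
fake_file_r() {
  printf '%s: text/plain; charset=us-ascii\n' "$1"
}

# Quoted pattern, as in the gist: the file name is matched literally, so
# exactly that name (glob characters, newlines and all) is replaced and the
# name itself never reaches printf.
content_type_header_quoted() {
  local TARGETFILE=$1 type
  type=$(fake_file_r "$TARGETFILE")
  printf '%s' "${type/"$TARGETFILE"/Content-Type}"
}

# Unquoted pattern: the name is now interpreted as a glob, so the
# replacement can miss (name leaks into the header) or over-match
# (MIME info lost). This is the brittle form the warning describes.
content_type_header_unquoted() {
  local TARGETFILE=$1 type
  type=$(fake_file_r "$TARGETFILE")
  printf '%s' "${type/$TARGETFILE/Content-Type}"
}

# Number of lines an HTTP parser would see in the header value.
header_line_count() {
  printf '%s\n' "$1" | wc -l | tr -d ' '
}

main() {
  # Constructed file names: plain, bracket glob, bare star, embedded newline.
  for name in 'log.txt' '[a].txt' '*' $'two\nlines.txt'; do
    printf 'name=%q\n  quoted:   %q\n  unquoted: %q\n' "$name" \
      "$(content_type_header_quoted "$name")" \
      "$(content_type_header_unquoted "$name")"
  done
}
main
```

With the quoted pattern every name yields a single `Content-Type: text/plain; charset=us-ascii` line, including the one containing a newline; only the unquoted form leaks `[a].txt` into the header or collapses `*` to a bare `Content-Type`.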

izabera commented Aug 13, 2025

image