RedTeaming.org
The joys of pipx

24 May 2025

This will be a short blog post as there isn’t much to it but recently I was chatting to other testers on Discord and there were some intricacies of pipx that they were unfamiliar with so I thought I would share them.

What is pipx?

For those of you who may not know what it is, pipx is a tool for installing and running Python applications in isolated environments. It’s especially useful for command-line tools written in Python that you want to use globally without polluting your system Python environment or managing virtual environments manually.

It can be a god send for not breaking your Linux Python setup when managing lots of Python tools. To install it you simply execute these commands which will update your shell allowing your pipx virtual environment commands to be executed from wherever you are:

python3 -m pip install --user pipx
python3 -m pipx ensurepath

How do I use pipx?

Now that you have it installed you will want to reinstall some of those tools you may already have stored in virtual environments. Here are the various ways I use it and keep in mind when you add a suffix to for example Certipy with -dcom you then run it like this ‘certipy-dcom req…’ etc.

Installing the latest released version of a tool

pipx install impacket

Installing the latest version from a repo that may not be released yet

pipx install git+https://github.com/fortra/impacket.git

Installing a branch plus renaming it to avoid a clash

 
pipx install --suffix=-dcom 'git+https://github.com/qtc-de/Certipy.git@feat/support-req-via-dcom'

Installing an older version of a tool and adding a suffix

 
pipx install --suffix=-v2 git+https://github.com/p0dalirius/smbclient-ng.git@2.1.6

Injecting libraries into a pipx venv such as ldap3 which Certipy previously needed for ldaps (now fixed)

pipx inject certipy-ad git+https://github.com/ly4k/ldap3 --force

Upgrading all your pipx venvs after a Kali upgrade

  
pipx reinstall-all

Upgrade all your packages to their latest

  
pipx upgrade-all

Install a tool plus any dependencies. To be honest ROADtools is the only one that needed this

  
pipx install git+https://github.com/dirkjanm/ROADtools.git --include-deps

List what I have installed

pipx list

Reinstall my tools on a new device by creating a reinstall script:

pipx list --json > pipx.json
jq -r '
  .venvs | to_entries[] |
  .value.metadata.main_package as $pkg |
  select($pkg != false and $pkg.package_or_url != null) |
  "pipx install " +
    $pkg.package_or_url +
    (if $pkg.suffix != null and $pkg.suffix != "" then " --suffix=-" + ($pkg.suffix | ltrimstr("-")) else "" end)
' pipx.json > pipx-reinstall.sh

So there you have it, next time someone releases a Python tool that contains more than a few standalone Python scripts request for them to also make it pipx compatible (by including a pyproject.toml or setup.py script) to make everybody’s lives easier. An example can be seen here where I have just tried to make a repo pipx compatible: https://github.com/dirkjanm/PKINITtools/pull/17


Back