A tool for making python source difficult to read.

Related tags

Security related resourcespythonobfuscation
Overview

obscurepy

Build Status codecov

Description

A tool for obscuring, or making python source code difficult to read.

Table of Contents

  1. Installation
  2. Limitations
  3. Usage
  4. Disclaimer
  5. License

Installation

This command will install obscurepy:

python -m pip install obscurepy

I would recommend installing it in a virtual environment as opposed to globally:

python -m venv venv
source venv/bin/activate
python -m pip install obscurepy

Limitations

As this program is still in active development, there are many limitations. Below are some examples of what obscurepy can do. If it isn't in the example, obscurepy probably can't do it. This example serves to represent the ablities of each release. This example should be functional, both the original source and obscured source should execute.

An example:

class FirstClass:
    pass


class SecondClass(FirstClass):
    # this is a comment
    class_variable = 6

    def __init__(self, param_1):
        self.my_property = param_1

    def class_function(self, param_1, param_2):
        self.prop_1 = param_1
        self.prop_2 = param_2


def first_function():
    def with_another():
        c = 42
        return c
    return with_another()

def second_function(param_1, param_2, param_3):
    d = 'string'
    return d + str(param_1)

def third_function():
    e = 100.0
    return e

a = FirstClass()

b = SecondClass(1)

print(first_function())

print(second_function(1, 2, 3))

print(third_function())

a = SecondClass(1)

a.class_function(1, 2)

first_function()
class _0x3fe:
    pass

class _0x452(_0x3fe):
    _0x5bb = int('0x6', 16)

    def __init__(_0x1aa, _0x2a1):
        _0x1aa._0x4ca = _0x2a1

    def _0x5db(_0x1aa, _0x2a1, _0x2a2):
        _0x1aa._0x251 = _0x2a1
        _0x1aa._0x252 = _0x2a2

def _0x5ed():

    def _0x50c():
        _0x63 = int('0x2a', 16)
        return _0x63
    return _0x50c()

def _0x641(_0x2a1, _0x2a2, _0x2a3):
    _0x64 = ''.join([chr(x) for x in [115, 116, 114, 105, 110, 103]])
    return _0x64 + str(_0x2a1)

def _0x5e0():
    _0x65 = float.fromhex('0x1.9000000000000p+6')
    return _0x65
_0x61 = _0x3fe()
_0x62 = _0x452(int('0x1', 16))
print(_0x5ed())
print(_0x641(int('0x1', 16), int('0x2', 16), int('0x3', 16)))
print(_0x5e0())
_0x61 = _0x452(int('0x1', 16))
_0x61._0x5db(int('0x1', 16), int('0x2', 16))
_0x5ed()

Usage

The following command can be used to obscure a single file:

obscure --filepath=my_module.py

The following command can be used to obscure a multi file project:

obscure --project_dir=my_project

Alternatively, you can specify an output directory for both single file and multi file obscuring:

obscure --filepath=my_module.py --output_dir=desired_output_directory
obscure --project_dir=my_project --output_dir=desired_output_directory

Disclaimer

Obscurepy is no substitution for standard security practices. Obscurepy will not protect your code, nor will it protect the constants within your code. Python is an interpreted language and by nature anyone with access to your source code can reverse engineer it or simply extract any constant replacement to determine the value. Obscurepy is not meant to be used with security in mind. Obscurepy can make your source code difficult to read and it may deter people from trying. It will not stop any determined person from figuring out what your code does. I suggest looking into PyArmor if a more sophisticated method of obfuscation is required.

License

MIT License

Copyright (c) 2021 Andrew Christiansen

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE

Owner
Andrew Christiansen
Andrew Christiansen
GitHub Repository https://drewtchrist.github.io/obscurepy/
Vulnerability Exploitation Code Collection Repository

Introduction expbox is an exploit code collection repository List CVE-2021-41349 Exchange XSS PoC = Exchange 2013 update 23 = Exchange 2016 update 2

0x0021h 263 Feb 14, 2022
An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.

TMOHS1 Root Utility Description An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several

40 Dec 29, 2022
Python low-interaction honeyclient

Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th

Angelo Dell'Aera 896 Dec 19, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

👑 Recon 👑 The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
SPV SecurePasswordVerification

SPV SecurePasswordVerification Its is python module for doing a secure password verification without sharing the password directly. Features The passw

Merwin 1 Feb 12, 2022
Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.

Stamus Networks 39 Nov 28, 2022
Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

Nano 5 Nov 23, 2021
Local server for IDA Lumina feature

About POC of an offline server for IDA Lumina feature.

Synacktiv 166 Dec 30, 2022
Remote control your Greenbone Vulnerability Manager (GVM)

Greenbone Vulnerability Management Tools The Greenbone Vulnerability Management Tools gvm-tools are a collection of tools that help with remote contro

Greenbone 130 Dec 17, 2022
Remote Desktop Protocol in Twisted Python

RDPY Remote Desktop Protocol in twisted python. RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client a

Sylvain Peyrefitte 1.6k Dec 30, 2022
Osint-Tool - Information collection tool in python

Osint-Tool Herramienta para la recolección de información Pronto más opciones In

3 Apr 09, 2022
Repository for a project of the course EP2520 Building Networked Systems Security

EP2520_ACME_Project Repository for a project of the course EP2520 Building Networked Systems Security in Royal Institute of Technology (KTH), Stockhol

1 Dec 11, 2021
Script Crack Facebook Premium 🚶‍♂

premium Script Crack Facebook Premium 🚶‍♂ In Script Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install python $ pkg inst

Yumasaa 2 Dec 19, 2021
A python script written for lazy people to hack their school systen ;D

F-ck-the-system A python script written for lazy people to hack their school systen ;D Python voice notes writer This is a python script to record you

Sachit 2 Jan 09, 2022
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

KIEN HOANG 17 Nov 09, 2022
macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

Cyborg Security, Inc 212 Dec 29, 2022
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Matt Creel 27 Dec 20, 2022
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Above is an adversarial example: the slightly pert

Anish Athalye 838 Dec 18, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible

CRACKER911181 1 Jan 10, 2022
Zero-attacker is an multipurpose hacking tool with over 12 tools

Zero Attacker Zero Attacker is bunch of tools which we made for people.These all tools are for purpose of ethical hacking and discord tools. Who is th

Asjad 300 Dec 28, 2022