
grayddq / PypiScan

Licence: other
This script performs security-scanning research at the source of the PyPI supply chain: it crawls PyPI and scans packages to discover previously unknown malicious packages.


PypiScan 0.1


Author

咚咚呛

For other suggestions, contact the author on WeChat: 280495355

Technical details

The technical details are as follows:

1. The script crawls the information of all PyPI packages with multiple threads. The default is 10 threads; increasing it is recommended depending on the host and bandwidth configuration.
2. Each project contains packages for multiple versions. Release packages come in two types, whl and tar; a whl file is in fact a zip archive.
3. Because the number of files is very large and disk storage is limited, the original package is deleted once it has been downloaded and scanned, but files flagged as malicious are saved to a specified directory.
4. Scanning is mainly static. The scanned feature lines cover: network connection behaviour, specific file operations, command execution behaviour, and specific encoding behaviour.
5. The author ran one full scan: 210,000+ projects and 1,500,000+ packages, taking more than 10 days. There are currently many false positives; the script is mainly intended for research use. If you want to use it in a production environment, review the rules first.
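As an added illustration of steps 2 and 4 above (a wheel is a zip archive, and detection is static matching of feature lines), the following minimal scanner is not PypiScan's own code: the rule set, the category names and the sample wheel are constructed for this example, and PypiScan's real rules are not reproduced here.

```python
import io
import re
import zipfile

# Constructed rules, one per category named in the README (assumption: these are
# illustrative, not PypiScan's own rule set).
RULES = {
    "network": re.compile(r"\b(socket\.socket|urllib\.request|requests\.(get|post))\b"),
    "file_ops": re.compile(r"(\.ssh/|/etc/passwd|os\.remove\()"),
    "exec": re.compile(r"\b(os\.system|subprocess\.(Popen|call|run)|exec\(|eval\()"),
    "encoding": re.compile(r"\b(base64\.b64decode|codecs\.decode|marshal\.loads)\b"),
}


def scan_source(text, path):
    """Return (path, line number, category, stripped line) for every matching line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, rule in RULES.items():
            if rule.search(line):
                hits.append((path, lineno, category, line.strip()))
    return hits


def scan_wheel(data):
    """Scan every .py member of an in-memory wheel; a .whl is just a zip archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith(".py"):
                text = zf.read(name).decode("utf-8", errors="replace")
                hits.extend(scan_source(text, name))
    return hits


def build_sample_wheel():
    """Constructed sample: a tiny wheel whose __init__.py decodes a string and runs it."""
    src = (
        "import base64, subprocess\n"
        "def f():\n"
        "    return 1\n"
        "cmd = base64.b64decode('cGxhY2Vob2xkZXI=').decode()\n"  # inert placeholder text
        "subprocess.run([cmd])\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/__init__.py", src)
        zf.writestr("demo-0.1.dist-info/METADATA", "Name: demo\nVersion: 0.1\n")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_wheel(build_sample_wheel()):
        print(hit)
```

The sample is only scanned as text, never imported or executed; the two hits it produces (an encoding line and a command-execution line) are exactly the kind of combination that, per step 5, still needs a human to separate real malice from false positives.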

Usage

root# git clone https://github.com/grayddq/PypiScan.git

root# cd PypiScan

root# sudo pip install -r requirements.txt

root# python PypiScan.py --thread 100

Run screenshot

Screenshot

Historical risk references

Historical malicious PyPI packages

https://snyk.io/vuln/SNYK-PYTHON-JEILYFISH-536726
https://snyk.io/vuln/SNYK-PYTHON-PYTHON3DATEUTIL-536644
https://snyk.io/vuln/SNYK-PYTHON-LIBARI-460155
https://snyk.io/vuln/SNYK-PYTHON-LIBPESH-460156
https://snyk.io/vuln/SNYK-PYTHON-LIBPESHNX-460157
https://snyk.io/vuln/SNYK-PYTHON-DAJNGO-72531
https://snyk.io/vuln/SNYK-PYTHON-DIANGO-72529
https://snyk.io/vuln/SNYK-PYTHON-DJAGO-72530
https://snyk.io/vuln/SNYK-PYTHON-MYBIUBIUBIU-72532
https://snyk.io/vuln/SNYK-PYTHON-PKGUTIL-72527
https://snyk.io/vuln/SNYK-PYTHON-SMPLEJSON-72526
https://snyk.io/vuln/SNYK-PYTHON-TIMEIT-72528
https://snyk.io/vuln/SNYK-PYTHON-COLOURAMA-72537
https://snyk.io/vuln/SNYK-PYTHON-PYCONAUFUNTIMES-72536
https://snyk.io/vuln/SNYK-PYTHON-DJANGA-72533
https://snyk.io/vuln/SNYK-PYTHON-EASYINSTALL-72534
https://snyk.io/vuln/SNYK-PYTHON-LIBPESHKA-72535
https://snyk.io/vuln/SNYK-PYTHON-SSHDECORATE-40786
https://snyk.io/vuln/SNYK-PYTHON-ACQUSITION-40662
https://snyk.io/vuln/SNYK-PYTHON-APIDEVCOOP-40663
https://snyk.io/vuln/SNYK-PYTHON-BZIP-40664
https://snyk.io/vuln/SNYK-PYTHON-CRYPT-40665
https://snyk.io/vuln/SNYK-PYTHON-DJANGOSERVER-40666
https://snyk.io/vuln/SNYK-PYTHON-PWD-40667
https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-40668
https://snyk.io/vuln/SNYK-PYTHON-TELNET-40669
https://snyk.io/vuln/SNYK-PYTHON-URLIB3-40670
https://snyk.io/vuln/SNYK-PYTHON-URLLIB-40671

Article reference links:

https://github.com/dateutil/dateutil/issues/984
https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories
https://medium.com/@bertusk/detecting-cyber-attacks-in-the-python-package-index-pypi-61ab2b585c67
https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8
https://www.bleepingcomputer.com/news/security/backdoored-python-library-caught-stealing-ssh-credentials/
https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/