Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
.. image:: https://img.shields.io/badge/source-github-orange :target: https://github.com/barneygale/asyncvnc
.. image:: https://readthedocs.org/projects/asyncvnc/badge/?version=latest&style=flat-square :target: https://asyncvnc.readthedocs.io/en/latest/?badge=latest
.. image:: https://img.shields.io/pypi/v/asyncvnc?style=flat-square :target: https://pypi.org/project/asyncvnc
.. image:: https://github.com/barneygale/asyncvnc/actions/workflows/ci.yml/badge.svg :target: https://github.com/barneygale/asyncvnc/actions
AsyncVNC is a Python package which provides an asynchronous client implementation of the VNC (RFB) protocol on top of the asyncio framework.
.. code-block::
import asyncio, asyncvnc
async def run_client():
with asyncvnc.connect('localhost', 5900, 'username', 'password') as client:
client.keyboard.write('hello world!')
asyncio.run(run_client())
Full support for keyboard, mouse, video and clipboard updates.
Compatibility with traditional VNC servers (RealVNC, TightVNC, TigerVNC, etc).
Compatibility with the built-in macOS Remote Desktop server.
Detection of multi-head frame buffer data using a novel algorithm.
Support for tunneling VNC over SSH with AsyncSSH.
Support for image data compression with zlib.
This package requires Python 3.7+.
Install AsyncVNC by running::
pip install asyncvnc
This snippet connects to a local unauthenticated VNC server, prints information, and disconnects::
import asyncio, asyncvnc
async def run_client():
async with asyncvnc.connect('localhost') as client:
print(client)
asyncio.run(run_client())
To log in to a macOS server, supply username and password arguments::
async with asyncvnc.connect('localhost', username='user123', password='h4x0r'):
...
For traditional authenticated VNC servers, the password argument is required but not username.
.. warning::
Traditional VNC authentication is woefully insecure. For best results, configure your VNC server to listen only on
``127.0.0.1``. If you need external access, use an SSH tunnel.
To tunnel VNC over SSH, use the AsyncSSH package (after which this package is modelled)::
import asyncio, asyncssh, asyncvnc
async def run_client():
async with asyncssh.connect('myserver') as conn:
async with asyncvnc.connect('localhost', opener=conn.open_connection) as client:
print(client)
asyncio.run(run_client())
Keyboard and mouse objects provide context managers for holding down keys and buttons::
with client.keyboard.hold('Ctrl'):
...
with client.mouse.hold():
...
The keyboard has methods for pressing keys and writing text::
client.keyboard.press('Ctrl', 'c') # keys are stacked
client.keyboard.write('hi there!') # keys are queued
The mouse has methods for moving the cursor and clicking::
client.mouse.move(100, 200)
client.mouse.click()
client.mouse.right_click()
client.mouse.scroll_up()
To retrieve an image from the VNC server and save it as a PNG file::
import asyncio, asyncvnc
from PIL import Image
async def run_client():
async with asyncvnc.connect('localhost') as client:
# Retrieve pixels as a 3D numpy array
pixels = await client.screenshot()
# Save as PNG using PIL/pillow
image = Image.fromarray(pixels)
image.save('screenshot.png')
asyncio.run(run_client())
The macOS VNC server composites attached monitors/screens into a single frame buffer. It does not send updates for unoccupied regions; we can use this information to detect screens::
pixels = client.video.as_rgba()
for screen in client.video.detect_screens():
screen_pixels = pixels[screen.slices]
FAQs
Asynchronous VNC for Python
We found that asyncvnc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.