Security News
NVD Quietly Sweeps 100K+ CVEs Into a “Deferred” Black Hole
NVD now marks all pre-2018 CVEs as "Deferred," signaling it will no longer enrich older vulnerabilities, further eroding trust in its data.
By Sarah Gooding - Apr 04, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
bobskater
An AST based Python obfuscator that robustly mangles names and other obfuscations of Python code
Current limitations:
- DOES NOT SUPPORT: Annotations, evals, templated strings, imports of the form import xxx.yyy
- Very little configuration currently and instead takes a cautious approach in determining what identifiers to mangle. Globals, kwargs, class namespace identifiers, and others are not obfuscated but type of obfuscations should be use selected in the future.
- It is only tested with Python v3.5 and might not work with other AST versions
- Scoping for comprehensions are kind of hacky (and basically follows Python 2 comprehension scope leaking methodology)
Installation
pip install bobskater
Usage
bobskater provides a few mechanisms for direct use.
obfuscateString("")obfuscates a string of source code.obfuscateFile('myfile.py')will obfuscate an entire file and overwrite the original
Both take keyword arguments for configuration:
removeDocstringswill remove docstrings by replacing them withpassstatements (to handle even cases where a function has only a docstring). Defaults toTrueobfuscateNameswill obfuscate all names except globally scoped variables, kwargs, builtins, and identifiers in a class namespace. Defaults toTrue
There are no other obfuscations performed than the two mentioned above currently in bobskater
Example
from bobskater import obfuscateString
myFileContents = open('myfile.py', 'r').read()
#Will obfuscate myFileContents and return it into output. Names will not be mangled, only docstrings will be removed
output = obfuscateString(myFileContents, obfuscateNames=False)
Contributing
Testing:
pytest - Runs all the tests
Releasing:
Refer to the python docs on packaging for clarification.
Make sure you've updated setup.py, and have installed twine, setuptools, and wheel
python3 setup.py sdist bdist_wheel - Create a source distribution and a binary wheel distribution into dist/
twine upload dist/bobskater-x.x.x* - Upload all dist/ files to PyPI of a given version
Make sure to tag the commit you released
FAQs
AST based Obfuscator for Python
We found that bobskater demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
Lazarus-linked threat actors expand their npm malware campaign with new RAT loaders, hex obfuscation, and over 5,600 downloads across 11 packages.
By Kirill Boychenko - Apr 04, 2025
Security News
Safari 18.4 Ships 3 New JavaScript Features from the TC39 Pipeline
Safari 18.4 adds support for Iterator Helpers and two other TC39 JavaScript features, bringing full cross-browser coverage to key parts of the ECMAScript spec.
By Sarah Gooding - Apr 03, 2025