
Security Fundamentals
Turtles, Clams, and Cyber Threat Actors: Shell Usage
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Inspired by dop.
.. code-block:: bash
# pip install dopy
To interact with Digital Ocean, you first need .. a digital ocean account with valid API keys.
Keys can be set either as Env variables, or within the code.
For API v.2.
.. code-block:: bash
# export DO_API_VERSION='2'
# export DO_API_TOKEN='api_token'
.. code-block:: pycon
>>> from dopy.manager import DoManager
>>> do = DoManager(None, 'api_token', api_version=2)
For API v.1.
.. code-block:: bash
# export DO_CLIENT_ID='client_id'
# export DO_API_KEY='long_api_key'
.. code-block:: pycon
>>> from dopy.manager import DoManager
>>> do = DoManager('client_id', 'long_api_key')
The methods of the DoManager are self explanatory; ex.
.. code-block:: pycon
>>> do.all_active_droplets()
>>> do.show_droplet('12345')
>>> do.destroy_droplet('12345')
>>> do.all_regions()
>>> do.all_images()
>>> do.all_ssh_keys()
>>> do.sizes()
>>> do.all_domains()
>>> do.new_droplet('new_droplet', 66, 1601, 1)
The methods for v.2 API are similar, the only difference is using names instead of IDs for domains and slugs for sizes, images and datacenters; ex.
.. code-block:: pycon
>>> do.show_domain('exapmle.com')
>>> do.new_droplet('new_droplet', '512mb', 'lamp', 'ams2')
See github issue list - post if any needed
FAQs
Python client for the Digital Ocean API
We found that dopy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.