Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Fastshot is a GenAI powered screenshot and annotation tool designed to optimize your workflow. Ideal for students, developers, researchers, and operations professionals, Fastshot enhances multitasking by providing seamless, efficient tools to capture, pin, annotate, and analyze screen content.
With its "pin on top" feature, Fastshot allows users to keep screenshots easily accessible while enabling smooth zooming, moving, annotation, and copying for multi-system comparisons. The built-in OCR tool enables quick extraction of text from any part of the screen, further streamlining your workflow.
Additionally, Fastshot’s GenAI-powered assistant offers advanced analysis and summarization of screen content, allowing users to extract information and ask questions with ease, significantly boosting productivity.
The tool also includes a Screen Pen feature, window pinning capabilities, and customizable window opacity adjustments—perfect for managing complex workflows across multiple windows and tasks.
You can install Fastshot from PyPI:
pip install fastshot
Once installed, you can start Fastshot from the command line:
fastshot
setx OPENAI_TOKEN "sk-kK"
setx OPENAI_MM_URL "https://xxx"
setx OPENAI_CHATGPT_URL "https://xxx"
setx HEAD_TOKEN_KEY "Authorization"
setx OPENAI_TOKEN_URL ""
setx OPENAI_USER_NAME ""
setx OPENAI_PASSWORD ""
setx OPENAI_APPLICATION_ID ""
setx OPENAI_APPLICATION_NAME ""
setx OPENAI_MM_URL "https://xxx"
setx OPENAI_CHATGPT_URL "https://xxx"
setx HEAD_TOKEN_KEY "Authorization"
setx OPENAI_HEALTH_URL ""
Customize your experience with configurable shortcuts. Most operations require only a single hotkey, minimizing the need for repetitive touch points.
[Shortcuts]
hotkey_snip = <shift>+a+s
hotkey_paint = <ctrl>+p
hotkey_text = <ctrl>+t
hotkey_screenpen_toggle = <ctrl>+<cmd>+<alt>
hotkey_undo = <ctrl>+z
hotkey_redo = <ctrl>+y
hotkey_screenpen_exit = <esc>
hotkey_screenpen_clear_hide = <ctrl>+<esc>
hotkey_topmost_on = <esc>+`
hotkey_topmost_off = <cmd>+<shift>+\
hotkey_opacity_down = <left>+<right>+<down>
hotkey_opacity_up = <left>+<right>+<up>
[ScreenPen]
enable_screenpen = True
pen_color = red
pen_width = 3
git clone https://github.com/jimeverest/fastshot.git
cd fastshot
pip install -r requirements.txt
You can run the tests using:
pytest tests/
We welcome contributions from the community! Please read our Contributing Guide to learn how you can help improve Fastshot.
Fastshot is released under the MIT License.
Fastshot is designed to seamlessly integrate into your workflow without altering your existing systems or data structures. Here's how it helps:
By providing powerful tools for capturing, annotating, and sharing screen content, Fastshot is an indispensable asset for anyone who requires efficient multitasking capabilities in their daily activities.
The plugin system in Fastshot is designed to be simple yet powerful, enabling developers to add custom functionalities without modifying the core application code. Plugins are Python modules that adhere to a specific interface, allowing the main application to load, manage, and execute them seamlessly.
A plugin can be a single Python file placed directly in the plugins directory or a package (folder with an init.py file) if it requires multiple modules or resources.
Each plugin must define a get_plugin_info() function that returns a dictionary with the following keys:
Each plugin must implement a run(app_context) function, which is the entry point when the plugin is activated. The app_context parameter provides access to the main application and allows the plugin to interact with it.
Follow these steps to create a plugin for Fastshot.
Navigate to the plugins directory in the Fastshot application. Create a new Python file for your plugin (e.g., my_plugin.py).
In your plugin file, define the get_plugin_info() function:
def get_plugin_info():
"""Returns metadata about the plugin."""
return {
'name': 'My Plugin',
'id': 'my_plugin',
'description': 'A plugin that does something useful.',
'author': 'Your Name',
'version': '1.0',
'default_shortcut': 'alt',
'press_times': 3,
'enabled': True
}
Note: Adjust the default_shortcut and press_times to suit your plugin's activation method.
Implement the run(app_context) function, which contains the code to be executed when the plugin is activated:
def run(app_context):
"""The main function that gets called when the plugin is activated."""
# Your plugin code here
print("My Plugin has been activated!")
Example: You might display a message box, manipulate application data, or perform any desired action.
If your plugin needs to interact with the main application, use the app_context parameter:
def run(app_context):
"""The main function that gets called when the plugin is activated."""
# Access application attributes or methods
app_context.some_method()
Note: Refer to the application documentation for available methods and attributes.
Start the Fastshot application. Activate the plugin by pressing the specified shortcut key the required number of times within one second. Verify that the plugin behaves as expected.
Below is an example of a simple plugin that displays a "Hello, World!" message when activated.
# plugins/plugin_hello_world.py
import tkinter as tk
from tkinter import messagebox
def get_plugin_info():
"""Returns metadata about the plugin."""
return {
'name': 'Hello World Plugin',
'id': 'plugin_hello_world',
'description': 'Displays a Hello World message.',
'author': 'Your Name',
'version': '1.0',
'default_shortcut': 'alt',
'press_times': 3,
'enabled': True
}
def run(app_context):
"""The main function that gets called when the plugin is activated."""
root = tk.Tk()
root.withdraw()
messagebox.showinfo("Hello Plugin", "Hello, World!")
root.destroy()
Activation: Press the Alt key three times within one second to activate this plugin.
Default Shortcuts: Plugins specify default shortcuts in their metadata. User Configuration: In future versions, users will be able to modify plugin settings (e.g., shortcuts, enable/disable) through the application's web portal or configuration files. Conflict Avoidance: Ensure your plugin's shortcut doesn't conflict with existing shortcuts.
Unique IDs: Assign a unique id to your plugin to prevent conflicts. Error Handling: Include try-except blocks in your plugin code to handle exceptions gracefully. Minimal Impact: Ensure your plugin doesn't negatively impact the application's performance or stability. Documentation: Comment your code and provide clear explanations of your plugin's functionality. Security: Avoid executing untrusted code and be cautious with file and network operations.
Trust: Only use plugins from trusted sources to prevent security risks. Sandboxing: Currently, plugins run with the same permissions as the main application. Be mindful of this when developing plugins. Validation: Future versions may include security enhancements, such as plugin signing or sandboxing mechanisms.
Share Your Plugin: If you've developed a plugin that could benefit others, consider contributing it to the project. Contribution Guidelines: Follow the project's contribution guidelines for submitting plugins. Collaboration: Engage with the community to improve and expand plugin functionalities.
FAQs
A versatile screen capturing tool with annotation and OCR features
We found that fastshot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.