Lightweight Remote Code Execution (RCE) & Obfuscation module using dpaste.com API v2 and GitHub Raw URLs
Project description
PyVaultV2
Lightweight Remote Code Execution (RCE) Module
Author: Diwas XD
Features
- Raw code upload — your Python code goes as-is, no obfuscation layer
- Encrypted Session Tokens — backend URLs are hidden behind
PV2-{hash}-{scrambled} - Silent terminal — no backend service names leaked in output
- Output capture — all
print()from remote code is captured and displayed - Custom User-Agent header on every request
- Hash integrity check — tampered tokens are rejected
- GitHub Raw URL support as fallback
- Robust error handling for all failure cases
Installation
pip install PyVaultV2
Quick Start
1. Upload a local file
from pyvaultv2 import CodeManager
token = CodeManager.enc("my_script.py", expiry_days=7)
# Output:
# Upload successful!
# Encrypted Token: PV2-958cbefe45-312F6A634A3C273320
The token format: PV2-{10-char hash}-{XOR-scrambled ID}
Nobody can tell where this code is stored.
2. Execute via encrypted token
CodeManager.run("PV2-958cbefe45-312F6A634A3C273320")
# Output (whatever the remote code prints):
# Hello from PyVaultV2!
# Sum of 1 to 10 = 55
3. Execute via GitHub Raw URL
CodeManager.run("https://raw.githubusercontent.com/user/repo/main/script.py")
4. Convenience aliases
from pyvaultv2 import upload, execute
upload("my_code.py")
execute("PV2-958cbefe45-312F6A634A3C273320")
Token Format
PV2-{10-char SHA-256 hash}-{XOR-scrambled session ID (hex)}
| Part | Description |
|---|---|
PV2- |
PyVaultV2 token prefix |
958cbefe45 |
First 10 chars of SHA-256(raw_id + secret_key) |
312F6A634A3C... |
XOR-scrambled backend session ID in hex |
Tampered tokens are rejected with a hash mismatch error.
API Reference
CodeManager.enc(file_path, expiry_days=7)
Uploads a local Python file and returns an encrypted token.
| Parameter | Type | Default | Description |
|---|---|---|---|
file_path |
str |
— | Path to the local .py file |
expiry_days |
int |
7 |
Retention period in days |
Returns: str | None — Encrypted token or None on failure.
CodeManager.run(target)
Fetches and executes remote code, returning captured output.
| Parameter | Type | Default | Description |
|---|---|---|---|
target |
str |
— | PV2 token, GitHub Raw URL, or session ID |
Returns: str | None — Captured output from execution, or None on failure.
How It Works
Upload
Local .py file → POST to backend → Session ID → PV2 encrypted token
Execute
PV2 token → Verify hash → Decrypt → Fetch raw code → exec() with stdout capture
Error Handling
| Error Type | Behaviour |
|---|---|
| Missing file | Error message, returns None |
| Empty file | Error message, returns None |
| Network failure | Error message, returns None |
| HTTP 404 | "Remote code not found" message |
| Tampered token | "Token invalid or tampered" message |
| Syntax error | Full traceback printed |
| Execution exception | Full traceback printed |
Publishing to PyPI
pip install --upgrade build twine
python -m build
twine upload dist/*
License
MIT License — Copyright (c) 2026 Diwas XD
Disclaimer
Educational and authorized testing purposes only. Never use remote code execution on systems you do not own or have permission to test.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pyvaultv2-3.0.0.tar.gz.
File metadata
- Download URL: pyvaultv2-3.0.0.tar.gz
- Upload date:
- Size: 7.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
298e9310859e34a1cc24c1c65f9dfa4f365a95c037216fc066e653d989b4c9ce
|
|
| MD5 |
58a92d3d0a063edb98ce5fa11f053c4a
|
|
| BLAKE2b-256 |
a5e9afbf0aa4e59b109043783a550e857a55c84d8c3c629d1fe4c5865c1cad59
|
File details
Details for the file pyvaultv2-3.0.0-py3-none-any.whl.
File metadata
- Download URL: pyvaultv2-3.0.0-py3-none-any.whl
- Upload date:
- Size: 7.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ebc0e7b69a231ba4cfb60435a17342fe926ba60349e92b1c663271b6a1051be0
|
|
| MD5 |
52d6b77f7b01ae72752f65ae5da3f275
|
|
| BLAKE2b-256 |
c2d7a2462c0e70a70aded2f15d4e58f750571c532ce0f14a9505ca8a9feffadc
|