Skip to main content

Lightweight Remote Code Execution (RCE) & Obfuscation module using dpaste.com API v2 and GitHub Raw URLs

Project description

PyVaultV2

Lightweight Remote Code Execution (RCE) Module

Author: Diwas XD


Features

  • Raw code upload — your Python code goes as-is, no obfuscation layer
  • Encrypted Session Tokens — backend URLs are hidden behind PV2-{hash}-{scrambled}
  • Silent terminal — no backend service names leaked in output
  • Output capture — all print() from remote code is captured and displayed
  • Custom User-Agent header on every request
  • Hash integrity check — tampered tokens are rejected
  • GitHub Raw URL support as fallback
  • Robust error handling for all failure cases

Installation

pip install PyVaultV2

Quick Start

1. Upload a local file

from pyvaultv2 import CodeManager

token = CodeManager.enc("my_script.py", expiry_days=7)
# Output:
# Upload successful!
# Encrypted Token: PV2-958cbefe45-312F6A634A3C273320

The token format: PV2-{10-char hash}-{XOR-scrambled ID}
Nobody can tell where this code is stored.

2. Execute via encrypted token

CodeManager.run("PV2-958cbefe45-312F6A634A3C273320")
# Output (whatever the remote code prints):
# Hello from PyVaultV2!
# Sum of 1 to 10 = 55

3. Execute via GitHub Raw URL

CodeManager.run("https://raw.githubusercontent.com/user/repo/main/script.py")

4. Convenience aliases

from pyvaultv2 import upload, execute

upload("my_code.py")
execute("PV2-958cbefe45-312F6A634A3C273320")

Token Format

PV2-{10-char SHA-256 hash}-{XOR-scrambled session ID (hex)}
Part Description
PV2- PyVaultV2 token prefix
958cbefe45 First 10 chars of SHA-256(raw_id + secret_key)
312F6A634A3C... XOR-scrambled backend session ID in hex

Tampered tokens are rejected with a hash mismatch error.


API Reference

CodeManager.enc(file_path, expiry_days=7)

Uploads a local Python file and returns an encrypted token.

Parameter Type Default Description
file_path str Path to the local .py file
expiry_days int 7 Retention period in days

Returns: str | None — Encrypted token or None on failure.

CodeManager.run(target)

Fetches and executes remote code, returning captured output.

Parameter Type Default Description
target str PV2 token, GitHub Raw URL, or session ID

Returns: str | None — Captured output from execution, or None on failure.


How It Works

Upload

Local .py file → POST to backend → Session ID → PV2 encrypted token

Execute

PV2 token → Verify hash → Decrypt → Fetch raw code → exec() with stdout capture

Error Handling

Error Type Behaviour
Missing file Error message, returns None
Empty file Error message, returns None
Network failure Error message, returns None
HTTP 404 "Remote code not found" message
Tampered token "Token invalid or tampered" message
Syntax error Full traceback printed
Execution exception Full traceback printed

Publishing to PyPI

pip install --upgrade build twine
python -m build
twine upload dist/*

License

MIT License — Copyright (c) 2026 Diwas XD


Disclaimer

Educational and authorized testing purposes only. Never use remote code execution on systems you do not own or have permission to test.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyvaultv2-3.0.0.tar.gz (7.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pyvaultv2-3.0.0-py3-none-any.whl (7.3 kB view details)

Uploaded Python 3

File details

Details for the file pyvaultv2-3.0.0.tar.gz.

File metadata

  • Download URL: pyvaultv2-3.0.0.tar.gz
  • Upload date:
  • Size: 7.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for pyvaultv2-3.0.0.tar.gz
Algorithm Hash digest
SHA256 298e9310859e34a1cc24c1c65f9dfa4f365a95c037216fc066e653d989b4c9ce
MD5 58a92d3d0a063edb98ce5fa11f053c4a
BLAKE2b-256 a5e9afbf0aa4e59b109043783a550e857a55c84d8c3c629d1fe4c5865c1cad59

See more details on using hashes here.

File details

Details for the file pyvaultv2-3.0.0-py3-none-any.whl.

File metadata

  • Download URL: pyvaultv2-3.0.0-py3-none-any.whl
  • Upload date:
  • Size: 7.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for pyvaultv2-3.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ebc0e7b69a231ba4cfb60435a17342fe926ba60349e92b1c663271b6a1051be0
MD5 52d6b77f7b01ae72752f65ae5da3f275
BLAKE2b-256 c2d7a2462c0e70a70aded2f15d4e58f750571c532ce0f14a9505ca8a9feffadc

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page