Add a layer of protection to piped bash installs
Project description
🔍 Binspect - Secure Your Pipe-to-Shell Installations
Binspect is a security tool that analyzes shell scripts before they're executed on your system. It's designed to make pipe-to-shell installations safer by detecting potentially malicious code.
🎬 See It In Action
🚨 The Problem
We've all seen installation instructions like this:
curl -fsSL https://example.com/install.sh | bash
This pattern is convenient but dangerous - you're executing code without reviewing it. Binspect helps bridge the security gap by analyzing scripts for malicious content before execution.
✨ Features
- 🤖 Uses AI to analyze shell scripts for malicious patterns
- 🔄 Works with a wide variety of LLM providers (uses LiteLLM to achieve this)
- 🎨 Rich terminal output with syntax highlighting
- 🛑 Interactive prompt to proceed or abort installation
- 🚀 Fast and efficient analysis
- 👁️ Less than 200 lines of Python - easily audit it yourself
🚀 Quick Start
Install using pip:
pip install binspect
Or with pipx:
pipx install binspect
📖 Usage
Instead of piping directly to bash, pipe through binspect first:
curl -fsSL https://example.com/install.sh | binspect | bash
Binspect will:
- Analyze the script for suspicious patterns
- Show you detailed findings
- Ask for confirmation before proceeding
- Pass the script to bash only if you approve
⚙️ Configuration
LLM Provider Setup
Binspect uses LiteLLM under the hood, allowing you to use various LLM providers. Set up your preferred provider using environment variables:
# For OpenAI
export OPENAI_API_KEY='your-api-key'
# For Anthropic/Claude
export ANTHROPIC_API_KEY='your-api-key'
# For other providers, see LiteLLM documentation
Model Selection
Choose your preferred model using the BASH_INSPECTOR_MODEL environment variable:
# Default is 'openai/gpt-4o'
export BASH_INSPECTOR_MODEL='anthropic/claude-3-sonnet-20240229'
For a full list of providers, see https://docs.litellm.ai/docs/providers.
🔒 Security Notes
- Binspect is a helper tool, not a guarantee of safety
- Always review scripts manually when possible
- Use trusted sources and verify checksums
- Consider using package managers instead of pipe-to-shell when available
🤝 Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
⚠️ Disclaimer
Binspect is provided as-is without any guarantees. While it can help identify obvious malicious patterns, it should not be your only security measure. Always exercise caution when executing scripts from the internet.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file binspect-0.1.1.tar.gz.
File metadata
- Download URL: binspect-0.1.1.tar.gz
- Upload date:
- Size: 4.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec9aa4895a2c329c69652e2457abe20f4fab8bc4dcb984dfe6391edf7ceefa09
|
|
| MD5 |
f08768b4429b4e9034789f4ac8df382c
|
|
| BLAKE2b-256 |
7060a2f1cddd44e53f46ad17dc015be564c6adb2a7a8fb25796d03b9d0378d5e
|
File details
Details for the file binspect-0.1.1-py3-none-any.whl.
File metadata
- Download URL: binspect-0.1.1-py3-none-any.whl
- Upload date:
- Size: 6.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c6df7208492dc34795650c496225fd9f218dfb408049fafba86000041bc17d3b
|
|
| MD5 |
01e69b9c88c2c67328ef7146eb3983ea
|
|
| BLAKE2b-256 |
cefa467f74e0db8353531f3bd0b1bdc33b40a24cdfc4dba6e8833c06b32719ef
|
