Skip to main content

A package to self hash and verify a python script

Project description


SelfHash is a Python package that allows you to hash your Python scripts and verify them. It's designed to provide an additional layer of security by ensuring that your script's code has not been tampered with. If the hash does not match the known good hash then the script will immediately exit and prevent further execution.


pip install selfhash

Installation From Source

You can also choose to install SelfHash from source with:

git clone
cd selfhash-python
pip install .

Integrating SelfHash Into Your Scripts

To use SelfHash in your scripts, you need to follow two steps:

  1. Add the Hash Line: At the top of your script file, include the following special line of code: # Hash: INSERT_HASH_HERE. This line serves as a placeholder for the hash of your script's code.

  2. Use the SelfHash Module: Import the SelfHash module in your script, create a new instance of the SelfHash class, and then call the hash method on this instance, passing __file__ as an argument. This will calculate the hash of your script and verify it against the stored hash.

Here's an example:

import selfhash

hasher = selfhash.SelfHash(bypass_salt=False) # Always prompt for salt when set to False

When you run a script that uses SelfHash for the first time, it will generate a hash of the script. You then need to insert this hash into the # Hash: comment (leave it commented) of the script's code. This hash is then used for verification in subsequent runs.

If the hash of the script matches the known good hash, the script will print PASS: The program is verified and true. and continue execution. If the hash does not match, the script will print FAIL: The source code may have been tampered with. and immediately exit.


When you run the hash method, it will prompt you to enter a salt/passphrase for the hash calculation. This is an optional step that you can use to add an extra layer of security to your hash.

If you choose to provide a salt/passphrase, it will be used in the calculation of the hash of your script. This means that even if someone else has the exact same script code, they won't be able to generate the same hash unless they also know your salt/passphrase.

If you choose not to provide a salt/passphrase, you can simply press Enter when prompted and the hash will be calculated based only on your script's code.

Remember - if you use a salt/passphrase you should use the same salt/passphrase every time you run the script, otherwise the hash will be different and the script will fail the verification. This salt/passphrase should be stored securely for future retrieval.

Bypass Salt/Passphrase

In some cases, you might want to bypass the salt/passphrase prompt. You can do this by setting the bypass_salt parameter to True when you create an instance of the SelfHash class.

Here's an example:

import selfhash

hasher = selfhash.SelfHash(bypass_salt=True)

When you set bypass_salt to True, the hash method will not prompt you for a salt/passphrase and will calculate the hash based only on your script's code. This can be useful in automated environments where user input is not possible.

Note: If you bypass the salt/passphrase, you won't be able to use a salt/passphrase for the hash calculation. If you've previously run the hash method with a salt/passphrase, the hash will be different when you bypass the salt/passphrase, and the script will fail the verification. Be sure to use the same bypass_salt setting every time you run the script.

Verifying The SelfHash Module

To ensure the integrity of the SelfHash module itself, we provide a script named This script uses SelfHash to verify the hash of the selfhash/ file.

If the hash of selfhash/ matches the known hash at the top of the file, will print a message saying, The hash inside of selfhash/ matches and looks correct.

To run, use the following command without any salt (no passphrase is set):



Hashing A Script For The First Time

Verifying The Hash And Executing

Preventing Execution Of A Modified Script Or Incorrect Salt

Verifying SelfHash module itself (no seed/passphrase)


It's important to note that this script is only a part of a comprehensive security strategy and should not be solely relied upon to ensure the integrity and security of your code.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

selfhash-0.1.1.tar.gz (4.7 kB view hashes)

Uploaded source

Built Distribution

selfhash-0.1.1-py3-none-any.whl (5.1 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page