Encryptors

v2.49 suspicious
6.0
Medium Risk

End-to-end algorithm library

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderately high shell execution risks and some obfuscation techniques, raising concerns about potential misuse or hidden functionality.

  • High shell risk indicating potential command execution
  • Moderate obfuscation suggesting possible hidden functionality
Per-check LLM notes
  • Network: The network call pattern indicates the use of an HTTP client with redirection and timeout settings, which is generally benign unless the endpoint is known to be malicious.
  • Shell: The shell execution patterns suggest that the package may execute system commands, which could be risky if not properly sanitized or intended for nefarious purposes such as privilege escalation or data exfiltration.
  • Obfuscation: The use of base64 decoding and AES encryption is common but could indicate an attempt to hide code logic.
  • Credentials: No clear patterns of credential harvesting detected.
  • Metadata: The maintainer has only one package, which could indicate a new or less active account, but no other red flags are present.

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • ): self._client = httpx.AsyncClient( follow_redirects=True, timeout=time
⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • try: key = base64.b64decode(aes_key) iv = os.urandom(cls.IV_LENGTH)
  • try: key = base64.b64decode(aes_key) encrypted_data = base64.b64decode(encry
  • encrypted_data = base64.b64decode(encrypted_data) iv = encrypted_data[:cls.IV_LENG
⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ystem() == 'Windows': subprocess.run('for /d /r . %d in (__pycache__) do @if exist "%d" rd /s/q "
  • shell=True) else: subprocess.run("find . -name '__pycache__' -type d -exec rm -rf {} +", shel
  • server..""" try: subprocess.run(['uvicorn', 'app:app', '--port', str(port), '--reload'], che
  • machine.""" try: subprocess.run(['uvicorn', 'app:app', '--host', '0.0.0.0', '--port', str(po
  • , *proto_files ] subprocess.run(cmd, shell=False, check=True) logger.info(Message.PROTO_
  • unning: {' '.join(cmd)}') subprocess.run(cmd) if __name__ == "__main__": cli() from collecti
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: osdental.ai

βœ“ Suspicious Page Links

All external links appear legitimate

βœ“ Git Repository History

No GitHub repository linked

  • No GitHub repository link found
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "OSDental LLC" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with Encryptors 
Create a secure messaging application using the Python package 'Encryptors'. This application will allow users to send encrypted messages to each other over an unsecured network. Here’s a step-by-step guide on how to develop this application:

1. **Setup**: Install the 'Encryptors' package and set up a basic Flask web server to handle HTTP requests.
2. **User Interface**: Design a simple HTML/CSS front end for user interaction. This should include fields for username, message input, and recipient selection.
3. **Encryption Functionality**: Utilize 'Encryptors' to encrypt messages before sending them. Ensure that the encryption method supports strong algorithms such as AES.
4. **Decryption Functionality**: Implement decryption on the receiving end so that only the intended recipient can read the message.
5. **Key Management**: Integrate key exchange mechanisms like Diffie-Hellman for securely sharing encryption keys between users.
6. **Security Measures**: Incorporate additional security measures such as session management and protection against common web attacks.
7. **Testing**: Thoroughly test the application to ensure all features work correctly and securely.
8. **Documentation**: Provide clear documentation on how to use the application and how 'Encryptors' is integrated into the system.

Suggested Features:
- User registration and login functionality.
- Real-time messaging capabilities.
- Support for file attachments.
- Option to set message expiration times.
- Notification system for new messages.

This project will demonstrate the practical application of cryptographic techniques in real-world software development, showcasing how the 'Encryptors' package can be effectively utilized.