Hacker News: rushter

Show HN: Hexora – detection and analysis of malicious Python scripts

rushter — Sat, 23 Aug 2025 14:08:34 +0000

I made a new library to detect malicious and harmful behaviour in Python scripts. It uses static analysis with semantic modeling. Even when the code is pretty obfuscated, it can still detect it.

For example, it can infer that

    getattr(sys.modules["built"+"ins"], "".join(reversed(["al","ev"])))("1+1")

Is basically:

    eval("1+1").

Currently, I'm testing it on public files where some of them implement malicious behavior, as well as past malicious packages on PyPI.

You can see some of the detection examples here: https://github.com/rushter/hexora/blob/main/docs/examples.md

I'd love to hear your feedback and ideas on how to improve this and identify missing rules.

Comments URL: https://news.ycombinator.com/item?id=44996104

Points: 3

# Comments: 0

Show HN: Hexora – static analysis tool for malicious Python scripts

rushter — Tue, 19 Aug 2025 22:58:11 +0000

I made a new library to detect malicious and harmful behaviour in Python scripts.

There are alternative libraries, but they usually rely on regexes, which can be fragile and tricked. My library uses AST and tracks some of the obfuscation techniques, such as import/call reassignment.

Currently, I'm testing it on public files where some of them implement malicious behavior, as well as past malicious packages on PyPI.

You can see some of the detection examples here:

https://github.com/rushter/hexora/blob/main/docs/examples.md

I'd love to hear your feedback and ideas on how to improve this and identify missing rules.

Comments URL: https://news.ycombinator.com/item?id=44957024

Points: 2

# Comments: 0

New comment by rushter in "Ask HN: Could you share your personal blog here?"

rushter — Tue, 04 Jul 2023 17:41:44 +0000

https://rushter.com

Most of my posts are about Python's internals and some security stuff

How to turn an ordinary gzip archive into a database

rushter — Tue, 25 Aug 2020 13:04:34 +0000

Article URL: https://rushter.com/blog/gzip-indexing/

Comments URL: https://news.ycombinator.com/item?id=24270880

Points: 1

# Comments: 0

New comment by rushter in "How to track and display profile views on GitHub"

rushter — Thu, 09 Jul 2020 15:42:35 +0000

Github does not send any extra information.

    "GET /counter.svg HTTP/1.1" 200 565 "-" "github-camo (62249a1c)"

I've reverted the badge.

New comment by rushter in "How to track and display profile views on GitHub"

rushter — Thu, 09 Jul 2020 15:40:20 +0000

You can't view profile statistics right now. Personally, my intent was to demonstrate the concept. I don't have plans using it.

New comment by rushter in "How to track and display profile views on GitHub"

rushter — Thu, 09 Jul 2020 15:38:09 +0000

I've removed it because it does not display relevant information anymore (someone fetches ten times a second via wget).

I also don't have plans to use it in the future. I wanted to demonstrate the concept.

New comment by rushter in "How to track and display profile views on GitHub"

rushter — Thu, 09 Jul 2020 15:18:46 +0000

You can check it here https://github.com/dwyl/hits

Also https://twitter.com/holman/status/427937383376379904

New comment by rushter in "How to track and display profile views on GitHub"

rushter — Thu, 09 Jul 2020 14:58:49 +0000

I agree, but I think such information should be available to all people. Some people will be doing this anyway, and they can hide this by using a transparent pixel.

New comment by rushter in "How to track and display profile views on GitHub"

rushter — Thu, 09 Jul 2020 14:56:16 +0000

I did some research before writing an article. GitHub started proxying images in 2014, and there are a lot of repositories that use this technique to keep their stats. I think GitHub is OK with that.

How to track and display profile views on GitHub

rushter — Thu, 09 Jul 2020 14:21:04 +0000

Article URL: https://rushter.com/blog/github-profile-markdown/

Comments URL: https://news.ycombinator.com/item?id=23780530

Points: 208

# Comments: 108

New comment by rushter in "Memory Management in Python"

rushter — Mon, 05 Aug 2019 15:15:43 +0000

Yes, it can, by calling the free function.

Which framework do you use for deep learning? It can allocate some object on its own.

Can you give me some stats when using a model and after it's no longer in use and can't be accessible? You can get it by calling the sys._debugmallocstats() function.

New comment by rushter in "Memory Management in Python"

rushter — Mon, 05 Aug 2019 05:51:45 +0000

Author of the article here.

I don't think system allocators are clever enough to process and allocate 100-500k of very small objects each minute when Python is performing something very intensive.

It's a pretty standard way to speedup allocation for dynamic languages. Game developers use similar techniques as well.

I have some stats on Python's allocator:

https://rushter.com/blog/python-object-allocation-statistics...

New comment by rushter in "Optimization tricks in Python: lists and tuples"

rushter — Thu, 14 Jun 2018 18:52:34 +0000

My article describes the tricks which are used inside the Python interpreter. Every improvement in the interpreter saves an insane amount of computing power considering its popularity.

New comment by rushter in "Optimization tricks in Python: lists and tuples"

rushter — Thu, 14 Jun 2018 17:59:52 +0000

Maybe I've missed something, but you can also get the same id (it's basically an address in the memory) because of the how memory allocation works. There is a special allocator in CPython, which preallocates big chunks of memory and constantly reusing it without allocation overhead. I have an article on this too.