python-obfuscation-framework 1.12.0__tar.gz → 1.13.0__tar.gz

{python_obfuscation_framework-1.12.0/python_obfuscation_framework.egg-info → python_obfuscation_framework-1.13.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python-obfuscation-framework
-Version: 1.12.0
+Version: 1.13.0
 Summary: Python Obfuscation Framework
 Author-email: deoktr <35725720+deoktr@users.noreply.github.com>
 Maintainer-email: deoktr <35725720+deoktr@users.noreply.github.com>
@@ -265,6 +265,15 @@ cat in.py | docker run --rm -i ghcr.io/deoktr/python-obfuscation-framework:lates
 
 ## Usage
 
+You can select the obfuscation level with the `-f` flag, here are the levels:
+
+- basic
+- moderate
+- advanced
+- extreme
+
+Or you can specify and use a single obfuscator.
+
 ```bash
 # pipe input and output to stdout
 echo "print('Hello, world')" | pof
@@ -278,6 +287,12 @@ pof in.py > out.py
 # pipe to python to run it
 pof in.py | python
 
+# obfuscator preset, choose the level of obfuscation needed
+pof in.py -o out.py -f basic
+pof in.py -o out.py -f moderate
+pof in.py -o out.py -f advanced
+pof in.py -o out.py -f extreme
+
 # obfuscator
 pof in.py -o out.py -f obfuscator -k BuiltinsObfuscator
 
@@ -418,6 +433,15 @@ print(len('bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'))
 
 # Boolean
 print((True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True))
+
+# Bitwise XOR
+print((53^31))
+
+# Bitwise shift
+print((21<<1))
+
+# Bitwise NOT complement
+print((~(~42)))
 ```
 
 #### BooleanObfuscator
@@ -425,23 +449,22 @@ print((True+True+True+True+True+True+True+True+True+True+True+True+True+True+Tru
 Source: `print(True)`
 
 ```python
-# not False
 print(not False)
-
-# all([])
 print(all([]))
-
-# any([True])
 print(any([True]))
-
-# not not True
 print(not not True)
-
-# '' in ''
 print('' in '')
-
-# bool(1)
 print(bool(1))
+print(bool(1&1))
+print(bool(~0))
+```
+
+Source: `print(False)`
+
+```python
+print(bool(1&0))
+print(bool(1^1))
+print(bool(0|0))
 ```
 
 #### ConstantsObfuscator
@@ -1310,8 +1333,9 @@ times, and we finally convert the tokens back to code.
 By chaining multiple obfuscations techniques we can create very complex and
 custom output.
 
-Pof also provide evasions methods, detailed below, they are useful for quick and
-easy evasions, and can be used and customized to fit the need.
+Pof also provide evasions methods, they are useful for quick and easy evasions,
+and can be used and customized to fit the need. The full evasion documentation
+can be found in [evasion.md](./evasion.md).
 
 For more example of how to use the pof Python API check the
 [examples/](./examples) directory.
@@ -1393,6 +1417,13 @@ python3 -m build
 python3 -m twine check dist/*
 ```
 
+Update evasion documentation:
+
+```bash
+pip install .
+./scripts/generate_evasion_docs.py > evasion.md
+```
+
 ## Python 2
 
 No effort is made to support Python 2, most obfuscator, stagers, and evasion

{python_obfuscation_framework-1.12.0 → python_obfuscation_framework-1.13.0}/README.md

@@ -220,6 +220,15 @@ cat in.py | docker run --rm -i ghcr.io/deoktr/python-obfuscation-framework:lates
 
 ## Usage
 
+You can select the obfuscation level with the `-f` flag, here are the levels:
+
+- basic
+- moderate
+- advanced
+- extreme
+
+Or you can specify and use a single obfuscator.
+
 ```bash
 # pipe input and output to stdout
 echo "print('Hello, world')" | pof
@@ -233,6 +242,12 @@ pof in.py > out.py
 # pipe to python to run it
 pof in.py | python
 
+# obfuscator preset, choose the level of obfuscation needed
+pof in.py -o out.py -f basic
+pof in.py -o out.py -f moderate
+pof in.py -o out.py -f advanced
+pof in.py -o out.py -f extreme
+
 # obfuscator
 pof in.py -o out.py -f obfuscator -k BuiltinsObfuscator
 
@@ -373,6 +388,15 @@ print(len('bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'))
 
 # Boolean
 print((True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True+True))
+
+# Bitwise XOR
+print((53^31))
+
+# Bitwise shift
+print((21<<1))
+
+# Bitwise NOT complement
+print((~(~42)))
 ```
 
 #### BooleanObfuscator
@@ -380,23 +404,22 @@ print((True+True+True+True+True+True+True+True+True+True+True+True+True+True+Tru
 Source: `print(True)`
 
 ```python
-# not False
 print(not False)
-
-# all([])
 print(all([]))
-
-# any([True])
 print(any([True]))
-
-# not not True
 print(not not True)
-
-# '' in ''
 print('' in '')
-
-# bool(1)
 print(bool(1))
+print(bool(1&1))
+print(bool(~0))
+```
+
+Source: `print(False)`
+
+```python
+print(bool(1&0))
+print(bool(1^1))
+print(bool(0|0))
 ```
 
 #### ConstantsObfuscator
@@ -1265,8 +1288,9 @@ times, and we finally convert the tokens back to code.
 By chaining multiple obfuscations techniques we can create very complex and
 custom output.
 
-Pof also provide evasions methods, detailed below, they are useful for quick and
-easy evasions, and can be used and customized to fit the need.
+Pof also provide evasions methods, they are useful for quick and easy evasions,
+and can be used and customized to fit the need. The full evasion documentation
+can be found in [evasion.md](./evasion.md).
 
 For more example of how to use the pof Python API check the
 [examples/](./examples) directory.
@@ -1348,6 +1372,13 @@ python3 -m build
 python3 -m twine check dist/*
 ```
 
+Update evasion documentation:
+
+```bash
+pip install .
+./scripts/generate_evasion_docs.py > evasion.md
+```
+
 ## Python 2
 
 No effort is made to support Python 2, most obfuscator, stagers, and evasion

{python_obfuscation_framework-1.12.0 → python_obfuscation_framework-1.13.0}/pof/cli.py

@@ -176,8 +176,8 @@ def _cli() -> int:
     parser.add_argument(
         "-f",
         "--function",
-        help="obfuscation function",
-        default="obfuscate",
+        help="obfuscation function, can be a specific function or preset: basic/moderate/advanced/extreme",  # noqa: E501
+        default="moderate",
     )
     parser.add_argument(
         "--format",

python_obfuscation_framework-1.13.0/pof/evasion/__init__.py

@@ -0,0 +1,162 @@
+# POF, a free and open source Python obfuscation framework.
+# Copyright (C) 2022 - 2026  Deoktr
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from .debugger.breakpoint_hook import BreakpointHookEvasion
+from .debugger.coverage import CoverageEvasion
+from .debugger.cprofile import CProfileEvasion
+from .debugger.debugger import DebuggerEvasion
+from .debugger.linux_debug_process import LinuxDebugProcessEvasion
+from .debugger.tracemalloc_evasion import TracemallocEvasion
+from .debugger.win_debug_process import WinDebugProcessEvasion
+from .debugger.win_debugger import WinDebuggerEvasion
+from .guardrails.argv import ArgvEvasion
+from .guardrails.directory_exist import DirectoryExistEvasion
+from .guardrails.directory_list_exist import DirectoryListExistEvasion
+from .guardrails.directory_list_missing import DirectoryListMissingEvasion
+from .guardrails.directory_missing import DirectoryMissingEvasion
+from .guardrails.domain import DomainEvasion
+from .guardrails.env_var import EnvVarEvasion
+from .guardrails.expire import ExpireEvasion
+from .guardrails.file_content import FileContentEvasion
+from .guardrails.file_exist import FileExistEvasion
+from .guardrails.file_list_exist import FileListExistEvasion
+from .guardrails.file_list_missing import FileListMissingEvasion
+from .guardrails.file_missing import FileMissingEvasion
+from .guardrails.file_size import FileSizeEvasion
+from .guardrails.hostname import HostnameEvasion
+from .guardrails.installed_software import InstalledSoftwareEvasion
+from .guardrails.integrity import IntegrityEvasion
+from .guardrails.ip_address import IPAddressEvasion
+from .guardrails.language_locale import LanguageLocaleEvasion
+from .guardrails.mac_address import MACAddressEvasion
+from .guardrails.timezone import TimezoneEvasion
+from .guardrails.uid import LinuxUIDEvasion
+from .guardrails.username import UsernameEvasion
+from .guardrails.win_ad_domain import WinADDomainEvasion
+from .guardrails.win_privilege import WinPrivilegeEvasion
+from .guardrails.win_prompt import WinPromptEvasion
+from .multi import MultiEvasion
+from .sandbox.cpu_count import CPUCountEvasion
+from .sandbox.disk_size import DiskSizeEvasion
+from .sandbox.edr import LinuxEDREvasion, WinEDREvasion
+from .sandbox.exec_method import ExecMethodEvasion
+from .sandbox.executable_path import ExecPathEvasion
+from .sandbox.linux_mouse import LinuxMouseEvasion
+from .sandbox.linux_process_list import LinuxProcessListEvasion
+from .sandbox.linux_sandbox_artifacts import LinuxSandboxArtifactEvasion
+from .sandbox.linux_screen_resolution import LinuxScreenResolutionEvasion
+from .sandbox.linux_tmp_count import LinuxTmpCountEvasion
+from .sandbox.proc_count import LinuxProcCountEvasion
+from .sandbox.ram_count import LinuxRAMCountEvasion
+from .sandbox.sandbox_hostname import SandboxHostnameEvasion
+from .sandbox.sandbox_username import SandboxUsernameEvasion
+from .sandbox.tmp_count import TmpCountEvasion
+from .sandbox.uptime import LinuxUptimeEvasion
+from .sandbox.utc import UTCEvasion
+from .sandbox.vm_hypervisor import VMHypervisorEvasion
+from .sandbox.win_mouse import WinMouseEvasion
+from .sandbox.win_proc_count import WinProcCountEvasion
+from .sandbox.win_process_list import WinProcessListEvasion
+from .sandbox.win_ram_count import WinRAMCountEvasion
+from .sandbox.win_registry_vm import WinRegistryVMEvasion
+from .sandbox.win_sandbox_artifacts import WinSandboxArtifactEvasion
+from .sandbox.win_screen_resolution import WinScreenResolutionEvasion
+from .sandbox.win_tmp_count import WinTmpCountEvasion
+from .sandbox.win_uptime import WinUptimeEvasion
+from .special.cicd import CICDEvasion
+from .special.jupyter import JupyterEvasion
+from .special.linux_docker import LinuxDockerEvasion
+from .special.linux_kubernetes import LinuxKubernetesEvasion
+from .special.linux_wsl import LinuxWSLEvasion
+from .special.serverless import ServerlessEvasion
+from .special.win_container import WinContainerEvasion
+from .special.win_hyper_v import WinHyperVGuestEvasion
+from .special.win_sandbox_env import WinSandboxEnvEvasion
+
+__all__ = [
+    "ArgvEvasion",
+    "BreakpointHookEvasion",
+    "CICDEvasion",
+    "CPUCountEvasion",
+    "CProfileEvasion",
+    "CoverageEvasion",
+    "DebuggerEvasion",
+    "DirectoryExistEvasion",
+    "DirectoryListExistEvasion",
+    "DirectoryListMissingEvasion",
+    "DirectoryMissingEvasion",
+    "DiskSizeEvasion",
+    "DomainEvasion",
+    "EnvVarEvasion",
+    "ExecMethodEvasion",
+    "ExecPathEvasion",
+    "ExpireEvasion",
+    "FileContentEvasion",
+    "FileExistEvasion",
+    "FileListExistEvasion",
+    "FileListMissingEvasion",
+    "FileMissingEvasion",
+    "FileSizeEvasion",
+    "HostnameEvasion",
+    "IPAddressEvasion",
+    "InstalledSoftwareEvasion",
+    "IntegrityEvasion",
+    "JupyterEvasion",
+    "LanguageLocaleEvasion",
+    "LinuxDebugProcessEvasion",
+    "LinuxDockerEvasion",
+    "LinuxEDREvasion",
+    "LinuxKubernetesEvasion",
+    "LinuxMouseEvasion",
+    "LinuxProcCountEvasion",
+    "LinuxProcessListEvasion",
+    "LinuxRAMCountEvasion",
+    "LinuxSandboxArtifactEvasion",
+    "LinuxScreenResolutionEvasion",
+    "LinuxTmpCountEvasion",
+    "LinuxUIDEvasion",
+    "LinuxUptimeEvasion",
+    "LinuxWSLEvasion",
+    "MACAddressEvasion",
+    "MultiEvasion",
+    "SandboxHostnameEvasion",
+    "SandboxUsernameEvasion",
+    "ServerlessEvasion",
+    "TimezoneEvasion",
+    "TmpCountEvasion",
+    "TracemallocEvasion",
+    "UTCEvasion",
+    "UsernameEvasion",
+    "VMHypervisorEvasion",
+    "WinADDomainEvasion",
+    "WinContainerEvasion",
+    "WinDebugProcessEvasion",
+    "WinDebuggerEvasion",
+    "WinEDREvasion",
+    "WinHyperVGuestEvasion",
+    "WinMouseEvasion",
+    "WinPrivilegeEvasion",
+    "WinProcCountEvasion",
+    "WinProcessListEvasion",
+    "WinPromptEvasion",
+    "WinRAMCountEvasion",
+    "WinRegistryVMEvasion",
+    "WinSandboxArtifactEvasion",
+    "WinSandboxEnvEvasion",
+    "WinScreenResolutionEvasion",
+    "WinTmpCountEvasion",
+    "WinUptimeEvasion",
+]

python_obfuscation_framework-1.13.0/pof/evasion/base.py

@@ -0,0 +1,138 @@
+# POF, a free and open source Python obfuscation framework.
+# Copyright (C) 2022 - 2026  Deoktr
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from __future__ import annotations
+
+from enum import StrEnum
+from tokenize import DEDENT, INDENT, LPAR, NAME, NEWLINE, OP, RPAR, STRING
+
+
+class Platform(StrEnum):
+    """Valid platform values for evasion techniques."""
+
+    ANY = "any"
+    LINUX = "linux"
+    WINDOWS = "windows"
+    DARWIN = "darwin"
+
+
+class Category(StrEnum):
+    """Valid category values for evasion techniques."""
+
+    SANDBOX = "sandbox"
+    GUARDRAILS = "guardrails"
+    DEBUGGER = "debugger"
+    SPECIAL = "special"
+
+
+class BaseEvasion:
+    # add evasion class name inside the exception
+    ADD_CLASS_NAME: bool = True
+
+    CATEGORY: str = ""
+    PLATFORM: str = Platform.ANY
+    DESCRIPTION: str = ""
+
+    def __init_subclass__(cls, **kwargs: object) -> None:
+        # validate PLATFORM and CATEGORY
+        super().__init_subclass__(**kwargs)
+        if "PLATFORM" in cls.__dict__:
+            valid = {p.value for p in Platform}
+            val = cls.__dict__["PLATFORM"]
+            raw = val.value if isinstance(val, Platform) else val
+            if raw not in valid:
+                msg = (
+                    f"{cls.__name__}.PLATFORM = {val!r} is invalid."
+                    " Use Platform.{ANY,LINUX,WINDOWS,DARWIN}"
+                )
+                raise ValueError(msg)
+        if "CATEGORY" in cls.__dict__:
+            valid = {c.value for c in Category} | {""}
+            val = cls.__dict__["CATEGORY"]
+            raw = val.value if isinstance(val, Category) else val
+            if raw not in valid:
+                msg = (
+                    f"{cls.__name__}.CATEGORY = {val!r} is invalid."
+                    " Use Category.{SANDBOX,GUARDRAILS,DEBUGGER,SPECIAL}"
+                )
+                raise ValueError(msg)
+
+    def fail_call_tokens(self) -> list[tuple[int, str]]:
+        match getattr(self, "failure_mode", "exception"):
+            case "exit":
+                return [
+                    (NAME, "import"),
+                    (NAME, "sys"),
+                    (NEWLINE, "\n"),
+                    (NAME, "sys"),
+                    (OP, "."),
+                    (NAME, "exit"),
+                    (LPAR, "("),
+                    (RPAR, ")"),
+                ]
+            case "callback":
+                name = getattr(self, "callback_name", None) or "evasion_callback"
+                return [
+                    (NAME, name),
+                    (LPAR, "("),
+                    (RPAR, ")"),
+                ]
+            case "return":
+                return [
+                    (NAME, "exit"),
+                    (LPAR, "("),
+                    (RPAR, ")"),
+                ]
+            case _:  # "exception" (default)
+                return [
+                    (NAME, "raise"),
+                    (NAME, "Exception"),
+                    (LPAR, "("),
+                    (
+                        STRING,
+                        (
+                            repr(self.__class__.__name__)
+                            if self.ADD_CLASS_NAME
+                            else repr("evasion check triggered")
+                        ),
+                    ),
+                    (RPAR, ")"),
+                ]
+
+    @staticmethod
+    def import_tokens() -> list[tuple[int, str]]:
+        return []
+
+    @staticmethod
+    def check_tokens() -> list[tuple[int, str]]:
+        return []
+
+    def add_evasion(self, tokens):
+        return [
+            *self.import_tokens(),
+            (NEWLINE, "\n"),
+            (NAME, "if"),
+            (LPAR, "("),
+            *self.check_tokens(),
+            (RPAR, ")"),
+            (OP, ":"),
+            (NEWLINE, "\n"),
+            (INDENT, "    "),
+            *self.fail_call_tokens(),
+            (NEWLINE, "\n"),
+            (DEDENT, ""),
+            *tokens,
+        ]

python_obfuscation_framework-1.13.0/pof/evasion/debugger/breakpoint_hook.py

@@ -0,0 +1,46 @@
+# POF, a free and open source Python obfuscation framework.
+# Copyright (C) 2022 - 2026  Deoktr
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from tokenize import NAME, OP
+
+from pof.evasion.base import BaseEvasion, Category, Platform
+
+
+class BreakpointHookEvasion(BaseEvasion):
+    CATEGORY = Category.DEBUGGER
+    PLATFORM = Platform.ANY
+    DESCRIPTION = "Detects modified breakpoint hook"
+
+    @staticmethod
+    def import_tokens():
+        return [
+            (NAME, "import"),
+            (NAME, "sys"),
+        ]
+
+    @staticmethod
+    def check_tokens():
+        """`sys.breakpointhook is not sys.__breakpointhook__`."""
+        return [
+            (NAME, "sys"),
+            (OP, "."),
+            (NAME, "breakpointhook"),
+            (NAME, "is"),
+            (NAME, "not"),
+            (NAME, "sys"),
+            (OP, "."),
+            (NAME, "__breakpointhook__"),
+        ]

python_obfuscation_framework-1.13.0/pof/evasion/debugger/coverage.py

@@ -0,0 +1,43 @@
+# POF, a free and open source Python obfuscation framework.
+# Copyright (C) 2022 - 2026  Deoktr
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from tokenize import NAME, OP, STRING
+
+from pof.evasion.base import BaseEvasion, Category, Platform
+
+
+class CoverageEvasion(BaseEvasion):
+    CATEGORY = Category.DEBUGGER
+    PLATFORM = Platform.ANY
+    DESCRIPTION = "Detects coverage.py instrumentation"
+
+    @staticmethod
+    def import_tokens():
+        return [
+            (NAME, "import"),
+            (NAME, "sys"),
+        ]
+
+    @staticmethod
+    def check_tokens():
+        """`"coverage" in sys.modules`."""
+        return [
+            (STRING, '"coverage"'),
+            (NAME, "in"),
+            (NAME, "sys"),
+            (OP, "."),
+            (NAME, "modules"),
+        ]

python_obfuscation_framework-1.13.0/pof/evasion/debugger/cprofile.py

@@ -0,0 +1,46 @@
+# POF, a free and open source Python obfuscation framework.
+# Copyright (C) 2022 - 2026  Deoktr
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from tokenize import LPAR, NAME, OP, RPAR
+
+from pof.evasion.base import BaseEvasion, Category, Platform
+
+
+class CProfileEvasion(BaseEvasion):
+    CATEGORY = Category.DEBUGGER
+    PLATFORM = Platform.ANY
+    DESCRIPTION = "Detects active cProfile/profile profiling"
+
+    @staticmethod
+    def import_tokens():
+        return [
+            (NAME, "import"),
+            (NAME, "sys"),
+        ]
+
+    @staticmethod
+    def check_tokens():
+        """`sys.getprofile() is not None`."""
+        return [
+            (NAME, "sys"),
+            (OP, "."),
+            (NAME, "getprofile"),
+            (LPAR, "("),
+            (RPAR, ")"),
+            (NAME, "is"),
+            (NAME, "not"),
+            (NAME, "None"),
+        ]

{python_obfuscation_framework-1.12.0/pof/evasion/hooks → python_obfuscation_framework-1.13.0/pof/evasion/debugger}/debugger.py

@@ -16,10 +16,14 @@
 
 from tokenize import LPAR, NAME, OP, RPAR, STRING
 
-from pof.evasion.base import BaseEvasion
+from pof.evasion.base import BaseEvasion, Category, Platform
 
 
 class DebuggerEvasion(BaseEvasion):
+    CATEGORY = Category.DEBUGGER
+    PLATFORM = Platform.ANY
+    DESCRIPTION = "Detects Python debugger via sys.gettrace()"
+
     @staticmethod
     def import_tokens():
         return [