
Netcrook


WIKICROOK

.pth file

A Python startup file that can execute code when the interpreter begins loading site paths.

A .pth file is a Python startup file used by the site module to add paths to the interpreter’s import search path. During interpreter initialization, Python scans certain site directories and processes these files automatically. While many .pth files simply list directories, they can also contain executable lines that run code at startup.

That behavior matters in cyber security because it creates a stealthy execution path before an application imports anything explicitly. Attackers can abuse a malicious .pth file in a package, wheel, or environment to launch payloads as soon as Python starts, bypassing some import-based detections. Defenders should inspect installed packages for unexpected .pth files, verify wheel contents, isolate build and notebook environments, and treat startup-time code execution as a supply-chain risk.
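One way to carry out the inspection described above, as an added example that is not part of the original entry: the `site` module executes any `.pth` line that starts with `import` followed by a space or tab and treats other non-comment lines as path entries, so the script below reports exactly those lines, both for installed site directories and for the `.pth` members of a wheel before it is installed. The function names are hypothetical.

```python
import site
import zipfile
from pathlib import Path


def executable_lines(text):
    """Return (line_number, line) for each line site.py would exec()."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        # site.py skips blanks and '#' comments, exec()s lines starting with
        # "import" + space/tab, and treats every other line as a path entry.
        if line.startswith(("import ", "import\t")):
            hits.append((number, line.strip()))
    return hits


def audit_site_dir(directory):
    """Map each .pth file in one site directory to its executable lines."""
    report = {}
    for pth in sorted(Path(directory).glob("*.pth")):
        text = pth.read_text(encoding="utf-8", errors="replace")
        report[pth.name] = executable_lines(text)
    return report


def audit_wheel(wheel):
    """Same check for .pth members of a wheel (path or file-like object)."""
    report = {}
    with zipfile.ZipFile(wheel) as archive:
        for name in archive.namelist():
            if name.endswith(".pth"):
                text = archive.read(name).decode("utf-8", errors="replace")
                report[name] = executable_lines(text)
    return report


if __name__ == "__main__":
    # Audit the site directories of the interpreter running this script.
    candidates = list(site.getsitepackages()) + [site.getusersitepackages()]
    for directory in candidates:
        if not Path(directory).is_dir():
            continue
        for name, hits in audit_site_dir(directory).items():
            status = "EXECUTES CODE" if hits else "paths only"
            print(f"{directory}/{name}: {status}")
            for number, line in hits:
                print(f"    line {number}: {line[:100]}")
```

An executable line is a prompt for review rather than proof of compromise, since some legitimate packages ship them; compare each hit against what the owning package is expected to install.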
