flake8-bandit
monkey
Our great sponsors
flake8-bandit | monkey | |
---|---|---|
3 | 5 | |
111 | 6,483 | |
- | 0.8% | |
0.0 | 10.0 | |
8 months ago | 14 days ago | |
Python | Python | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flake8-bandit
-
The Ruff python linter is insanely good
flake8-bandit uses bandit behind the scenes: https://github.com/tylerwince/flake8-bandit/blob/main/flake8_bandit.py ruff doesn't and implements the rules directly
-
Python toolkits
flake8-black which uses black for code formatting check.
-
Hardening and Simplifying Python's urlopen
A little disturbing, yes? Bandit agrees. Perhaps you want to consider scanning with that security tool or its related flake8 plugin.
monkey
- Security Audit Scan
- Kaseya Acquired Vonahi Security
-
If you could name 5 tools/software worth learning for a cybersecurity analyst to become more employable, what would they be?
https://github.com/guardicore/monkey The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
-
Infection Monkey is a free open-source, network penetration testing tool. It is a breach and attack simulator that uses real-world attack techniques and known vulnerabilities. Evaluating your security is easy with Infection Monkey and takes 3 simple steps.
The git is here: https://github.com/guardicore/monkey . Build it from source or look for it on COPR or wherever its circle-ci pops it out of.
What are some alternatives?
bandit - Bandit is a tool designed to find common security issues in Python code.
APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
vulnerablecode - A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
gosec - Go security checker
DumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
content - Security automation content in SCAP, Bash, Ansible, and other formats
autowpscan - Assistant work tool for wpscan.
wazuh-ruleset - Wazuh - Ruleset
Check-WP-CVE-2020-35489 - The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489
flake8-comprehensions - ❄️ A flake8 plugin to help you write better list/set/dict comprehensions.
ruff - An extremely fast Python linter and code formatter, written in Rust.