Python Security

Open-source Python projects categorized as Security

Top 23 Python Security Projects

  • GitHub repo PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Is there an extensive checklist of web vulnerabilities? | reddit.com/r/Hacking_Tutorials | 2021-06-08

    It's not a "checklist" but maybe it can help https://github.com/swisskyrepo/PayloadsAllTheThings/

  • GitHub repo mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: "Microsoft-CryptoAPI/10.0" sending a number of strange requests. Do I have malware? | reddit.com/r/techsupport | 2021-05-24

    I was running mitmproxy (mitmweb) on my Windows 10 computer to monitor requests it was sending, and I noticed that it would periodically send GET requests with the User-Agent headers set to Microsoft-CryptoAPI/10.0 to these URLs:

  • GitHub repo algo

    Set up a personal VPN in the cloud

    Project mention: Should we use a VPN for staking at home ? | reddit.com/r/ethstaker | 2021-06-08

    Unless you build your own VPN (https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/) you are basically choosing either trusting ISP vs trusting hard-to-get-info-on company.

  • GitHub repo SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: sqlmap cannot find inject on the testfire.net | reddit.com/r/Kalilinux | 2021-05-12

    I found the same question on GitHub, but the payload given in the answer doesn't work.

  • GitHub repo macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

    Project mention: need some advice - should I do a fresh install? | reddit.com/r/privacytoolsIO | 2021-05-27

    Clean install on Mac is easy, I don't see why it should be a problem. Also, MacOS Security and Privacy Guide could be extremely important for you during initial setup.

  • GitHub repo hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: I can't stop watching porn. | reddit.com/r/TrueChristian | 2021-06-14

    Use OpenDNS Family Shield or setup a local host file like Steven Black's to block access to porn sites.

  • GitHub repo CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: Proxy for protection | reddit.com/r/networking | 2021-04-01

    The other thing you want to do is learn what the possible attacks are, and how to mitigate them. Owasp has some great resources for starters: https://owasp.org/www-project-top-ten/ https://cheatsheetseries.owasp.org/

  • GitHub repo wifiphisher

    The Rogue Access Point Framework

    Project mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10

    You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi asking you the password while disauth the original hotspot.

  • GitHub repo routersploit

    Exploitation Framework for Embedded Devices

    Project mention: Router login crack without password list | reddit.com/r/hacking | 2021-04-18

    try routersploit out for exploits that don’t have to do with wordlists and stuff, rly good tool

  • GitHub repo Mailpile

    A free & open modern, fast email client with user-friendly encryption and privacy features

    Project mention: We need better open source e-mail clients! | reddit.com/r/privacytoolsIO | 2021-02-02

    Mailpile.is comes to mind. Their Twitter account is inactive since 2018, but they did fix some things on Github in November of 2020: https://github.com/mailpile/Mailpile/

  • GitHub repo urh

    Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

    Project mention: Help transmitting VDL Mode 2 messages | reddit.com/r/RTLSDR | 2021-05-11

    Sorry but (re-)transmitting VDL2 messages is really a bad idea. Spoofing ADSB/ACARS/GPS/GSM signals is totally out-of-law in most countries. If you want to retransmit previously recorded signal, you just have to record and replay IQ using hackRF tools or use URH. Perhaps tx_sdr will give you more clues to learn encoding/decoding, using rtl_433 as companion to decode. Use it on 434MHz (ISM band), which is allowed to anyone using low RF power. Do not expect more help on this subreddit for non-legal stuff.

  • GitHub repo trape

    People tracker on the Internet: OSINT analysis and research tool by Jose Pino

    Project mention: What are some other cool tools for beginners like me ? | reddit.com/r/HowToHack | 2021-04-29

  • GitHub repo scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

    Project mention: What's the "best" coding language to know/learn? | reddit.com/r/hacking | 2021-06-15

    You can also manipulate them in higher languages or scripting such as Python. Check out Scapy as a good example of constructing packets from scratch. Python is powerful and also worth learning.

  • GitHub repo dirsearch

    Web path scanner

    Project mention: How to choose a web path scanner? [closed] | news.ycombinator.com | 2021-05-10

  • GitHub repo Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    Project mention: Fail2ban doesn't work with Nftables on Debian 10 | reddit.com/r/debian | 2021-05-31

    Everything is described there https://github.com/fail2ban/fail2ban/issues/2741

  • GitHub repo opensnitch

    OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

    Project mention: Is there a firewall for linux mint like tinyfirewall(windows)? | reddit.com/r/linux4noobs | 2021-06-15

    Yes, I see that now, thanks. https://github.com/evilsocket/opensnitch/wiki/Installation

  • GitHub repo OnionShare

    Securely and anonymously share files, host websites, and chat with friends using the Tor network

    Project mention: Building Onionshare 2.3.2 PKGBUILD with edited official 2.2 PKGBUILD | reddit.com/r/archlinux | 2021-06-15

    pkgname=onionshare
    pkgver=2.3.2
    pkgrel=1
    pkgdesc='Share a file over Tor Hidden Services anonymously and securely'
    url='https://github.com/micahflee/onionshare'
    arch=('any')
    license=('GPL3')
    depends=('python' 'hicolor-icon-theme' 'tor' 'stem' 'python-requests' 'python-pysocks'
             'python-flask' 'python-flask-httpauth' 'python-pycryptodome' 'python-pyqt5')
    makedepends=('python-setuptools')
    optdepends=(
      'python-nautilus: enable Nautilus right-click extension'
      'obfs4proxy: tor bridge support'
    )
    checkdepends=('python-pytest')
    source=(https://github.com/micahflee/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.gz
            https://github.com/micahflee/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.gz.asc)
    sha512sums=('995b0be9236e201fce4b72f0571274a5525c87d134cf8a99c5eab2724828f91c81c14f0179ccfa20f142460d6ff9c5aad5dc154bdb9029c5f1a91b66fbe42ded'
                'SKIP')
    b2sums=('5388f184e368b7bf37512029bd0834cbd10dcaed103952b3c11d157568f0d1377782d2efb637a5f221ce116fe05aa2a289aa5231e24665c534ab7ed300937fd0'
            'SKIP')

  • GitHub repo maltrail

    Malicious traffic detection system

    Project mention: How do you run self-hosted software? | reddit.com/r/selfhosted | 2021-02-15

    last docker discovery : maltrail (https://github.com/stamparm/maltrail , about to be moved from VM to docker)

  • GitHub repo objection

    📱 objection - runtime mobile exploration

    Project mention: Any signs of someone hacking you? | reddit.com/r/hacking | 2021-03-31

  • GitHub repo sigma

    Generic Signature Format for SIEM Systems

    Project mention: Detecting Rclone – An Effective Tool for Exfiltration - detecting rclone via Sigma rules - which is a precursor step for some threat actors to do their exfil before ransomware deployment | reddit.com/r/netsec | 2021-05-28

    It's a Florian Roth project on Github. Essentially abstracted rules to detect malicious activity that you can convert to a SIEM with configuration files. https://github.com/SigmaHQ/sigma

  • GitHub repo cowrie

    Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

    Project mention: Where to find C malware source code | reddit.com/r/Malware | 2021-05-23

    Consider setting up honeypots like Cowrie - https://github.com/cowrie/cowrie - and collecting your own samples from the Internet too.

  • GitHub repo CTFd

    CTFs as you need them

    Project mention: CTF Platform Advice | reddit.com/r/securityCTF | 2021-04-18

    Obviously, I'm biased to CTFd. I think it works very well for covering most CTF use cases. And if you find it doesn't do exactly what you want, you can customize it if you're familiar with Python & JS. And there will be some improvements in the next minor release for improving the JS side since I know that's a tough spot right now.

  • GitHub repo bandit

    Bandit is a tool designed to find common security issues in Python code.

    Project mention: Python code review checklist | dev.to | 2021-03-30

    One of the renowned security analyzers for Python is Bandit. Also, if you use GitHub for hosting code, you should absolutely read this guide about setting up vulnerability detection and Dependabot for your codebase.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-06-15.

Index

What are some of the best open-source Security projects in Python? This list will help you:

Rank Project Stars
1 PayloadsAllTheThings 25,042
2 mitmproxy 22,593
3 algo 20,908
4 SQLMap 20,325
5 macOS-Security-and-Privacy-Guide 18,133
6 hosts 18,104
7 CheatSheetSeries 17,270
8 wifiphisher 9,851
9 routersploit 9,440
10 Mailpile 8,408
11 urh 7,322
12 trape 6,427
13 scapy 6,343
14 dirsearch 6,239
15 Fail2Ban 6,146
16 opensnitch 6,039
17 OnionShare 4,572
18 maltrail 4,042
19 objection 3,807
20 sigma 3,655
21 cowrie 3,612
22 CTFd 3,404
23 bandit 3,284