Top 23 Python Security Projects
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: Resources to get you started in Cybersecurity (for free). | dev.to | 2021-02-22
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Project mention: What's the best book or other resource on webAPI pentesting? | reddit.com/r/Pentesting | 2021-02-23
API testing has some interesting overlap with mobile pentesting too. You can proxy your phone with a tool like MITMProxy and look at the HTTP Method Requests going to the server from your device. If you're handy with Python, MITMproxy has some extensibility capabilities and you could even get it to behave like a janky Burpsuite clone. If I'm not mistaken, projects like McBroken which find broken McDonalds Ice Cream Machines were only possible because Mobile application actions were sniffed and mapped to create the appropriate responses and aggregate the data necessary.
Set up a personal VPN in the cloud
Project mention: VPN setup? | reddit.com/r/Ubiquiti | 2021-02-17
If you haven’t already looked into what to use on the other side to terminate the VPN in AWS (or wherever) I highly recommend AlgoVPN for both the ease of provisioning and deployment and the “pretty darn hard to deploy it insecurely” factor. It supports only IKEv2 and WireGuard very deliberately
Automatic SQL injection and database takeover tool
Project mention: Iam building a form with a database and try to validate and make it secure. But how can I test it/hack my own form? | reddit.com/r/PHPhelp | 2021-02-10
sqlmap can be used to test for SQL injections.
Guide to securing and improving privacy on macOS
Project mention: Spy pixels in emails 'have become endemic' | news.ycombinator.com | 2021-02-16
macOS Mail.app -> Preferences -> Viewing -> Uncheck "Load remote content in messages"
Privacy defaults come down to usability vs. privacy; Apple making this so easy to toggle is fine by me as I care about privacy and tracking.
Now, it would be great if every macOS application walked you through privacy settings right after installation in the same way that I am offered a tour of the new features. Since there is no such "privacy tour", the community has discussed ways in which macOS can be hardened.
Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.
Project mention: Fandom Acquires Fanatical | reddit.com/r/pcgaming | 2021-02-24
I had to resort to hosts files just because of Fandom. The in-game browser is much more usable now.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Project mention: OWASP Cheat Sheet Series | reddit.com/r/patient_hackernews | 2021-02-15
The Rogue Access Point Framework
Project mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10
You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi asking you the password while disauth the original hotspot.
Exploitation Framework for Embedded Devices
Project mention: [Discussion] Anyone managed to get RouterSploit working on iOS? Or know something that works? | reddit.com/r/jailbreak | 2021-01-04
A free & open modern, fast email client with user-friendly encryption and privacy features
Project mention: We need better open source e-mail clients! | reddit.com/r/privacytoolsIO | 2021-02-02
Mailpile.is comes to mind. Their Twitter account is inactive since 2018, but they did fix some things on Github in November of 2020: https://github.com/mailpile/Mailpile/
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Daemon to ban hosts that cause multiple authentication errors
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
Project mention: limit outgoing trafic for 1 aplication? | reddit.com/r/linuxquestions | 2021-02-24
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
Project mention: What is this 433MHz signal? | reddit.com/r/RTLSDR | 2020-12-22
Web path scanner
Project mention: What is a self-request of a review in a Github PR? | reddit.com/r/github | 2021-02-23
An adversarial example library for constructing attacks, building defenses, and benchmarking both
Project mention: [D] Testing a model's robustness to adversarial attacks | reddit.com/r/MachineLearning | 2021-01-30
Depending on what attacks you want I've found both https://github.com/cleverhans-lab/cleverhans and https://github.com/Trusted-AI/adversarial-robustness-toolbox to be useful.
Malicious traffic detection system
Project mention: How do you run self-hosted software? | reddit.com/r/selfhosted | 2021-02-15
last docker discovery : maltrail (https://github.com/stamparm/maltrail , about to be moved from VM to docker)
Generic Signature Format for SIEM Systems
Project mention: detecting mimikatz | reddit.com/r/Splunk | 2021-02-18
Check out https://github.com/Neo23x0/sigma
Multi-Cloud Security Auditing Tool
Project mention: ScoutSuite: A Security Audit Tool for Azure | dev.to | 2021-02-16
$ git clone https://github.com/nccgroup/ScoutSuite
$ cd ScoutSuite
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python scout.py --help
Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function
Project mention: Why SSH certificates are awesome | dev.to | 2020-11-03
3. BLESS - By Netflix
Safely pass trusted data to untrusted environments and back.
Network recon framework.
What are some of the best open-source Security projects in Python? This list will help you: