Python Security

Open-source Python projects categorized as Security

Top 23 Python Security Projects

  • GitHub repo PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Resources to get you started in Cybersecurity (for free). | dev.to | 2021-02-22
  • GitHub repo mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: What's the best book or other resource on webAPI pentesting? | reddit.com/r/Pentesting | 2021-02-23

    API testing has some interesting overlap with mobile pentesting too. You can proxy your phone with a tool like mitmproxy and look at the HTTP method requests going to the server from your device. If you're handy with Python, mitmproxy has some extensibility capabilities and you could even get it to behave like a janky Burp Suite clone. If I'm not mistaken, projects like McBroken, which find broken McDonald's ice cream machines, were only possible because mobile application actions were sniffed and mapped to create the appropriate responses and aggregate the data necessary.

  • GitHub repo algo

    Set up a personal VPN in the cloud

    Project mention: VPN setup? | reddit.com/r/Ubiquiti | 2021-02-17

    If you haven’t already looked into what to use on the other side to terminate the VPN in AWS (or wherever), I highly recommend AlgoVPN for both the ease of provisioning and deployment and the “pretty darn hard to deploy it insecurely” factor. It supports only IKEv2 and WireGuard, very deliberately.

  • GitHub repo SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: I am building a form with a database and try to validate and make it secure. But how can I test it/hack my own form? | reddit.com/r/PHPhelp | 2021-02-10

    sqlmap can be used to test for SQL injections.

  • GitHub repo macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

    Project mention: Spy pixels in emails 'have become endemic' | news.ycombinator.com | 2021-02-16

    macOS Mail.app -> Preferences -> Viewing -> Uncheck "Load remote content in messages"

    Privacy defaults come down to usability vs. privacy; Apple making this so easy to toggle is fine by me as I care about privacy and tracking.

    Now, it would be great if every macOS application walked you through privacy settings right after installation in the same way that I am offered a tour of the new features. Since there is no such "privacy tour", the community has discussed ways in which macOS can be hardened [1], [2].

    1. https://github.com/drduh/macOS-Security-and-Privacy-Guide

    2. https://news.ycombinator.com/item?id=18099835

  • GitHub repo hosts

    Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

    Project mention: Fandom Acquires Fanatical | reddit.com/r/pcgaming | 2021-02-24

    I had to resort to hosts files just because of Fandom. The in-game browser is much more usable now.

  • GitHub repo CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: OWASP Cheat Sheet Series | reddit.com/r/patient_hackernews | 2021-02-15
  • GitHub repo wifiphisher

    The Rogue Access Point Framework

    Project mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10

    You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a Wi-Fi network, asking you for the password while deauthenticating the original hotspot.

  • GitHub repo routersploit

    Exploitation Framework for Embedded Devices

    Project mention: [Discussion] Anyone managed to get RouterSploit working on iOS? Or know something that works? | reddit.com/r/jailbreak | 2021-01-04
  • GitHub repo Mailpile

    A free & open modern, fast email client with user-friendly encryption and privacy features

    Project mention: We need better open source e-mail clients! | reddit.com/r/privacytoolsIO | 2021-02-02

    Mailpile.is comes to mind. Their Twitter account has been inactive since 2018, but they did fix some things on GitHub in November of 2020: https://github.com/mailpile/Mailpile/

  • GitHub repo scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

  • GitHub repo Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

  • GitHub repo opensnitch

    OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

    Project mention: limit outgoing traffic for 1 application? | reddit.com/r/linuxquestions | 2021-02-24

    try https://github.com/evilsocket/opensnitch

  • GitHub repo urh

    Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

    Project mention: What is this 433MHz signal? | reddit.com/r/RTLSDR | 2020-12-22
  • GitHub repo dirsearch

    Web path scanner

    Project mention: What is a self-request of a review in a Github PR? | reddit.com/r/github | 2021-02-23
  • GitHub repo cleverhans

    An adversarial example library for constructing attacks, building defenses, and benchmarking both

    Project mention: [D] Testing a model's robustness to adversarial attacks | reddit.com/r/MachineLearning | 2021-01-30

    Depending on what attacks you want I've found both https://github.com/cleverhans-lab/cleverhans and https://github.com/Trusted-AI/adversarial-robustness-toolbox to be useful.

  • GitHub repo OnionShare

    Securely and anonymously share files, host websites, and chat with friends using the Tor network

    Project mention: Privacy Messenger - Signal vs Session | reddit.com/r/privacytoolsIO | 2021-02-24

    OnionShare

  • GitHub repo maltrail

    Malicious traffic detection system

    Project mention: How do you run self-hosted software? | reddit.com/r/selfhosted | 2021-02-15

    Last Docker discovery: maltrail (https://github.com/stamparm/maltrail, about to be moved from VM to Docker)

  • GitHub repo sigma

    Generic Signature Format for SIEM Systems

    Project mention: detecting mimikatz | reddit.com/r/Splunk | 2021-02-18

    Check out https://github.com/Neo23x0/sigma

  • GitHub repo ScoutSuite

    Multi-Cloud Security Auditing Tool

    Project mention: ScoutSuite: A Security Audit Tool for Azure | dev.to | 2021-02-16

    $ git clone https://github.com/nccgroup/ScoutSuite
    $ cd ScoutSuite
    $ virtualenv -p python3 venv
    $ source venv/bin/activate
    $ pip install -r requirements.txt
    $ python scout.py --help

  • GitHub repo bless

    Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function

    Project mention: Why SSH certificates are awesome | dev.to | 2020-11-03

    3. BLESS - By Netflix

  • GitHub repo itsdangerous

    Safely pass trusted data to untrusted environments and back.

  • GitHub repo IVRE

    Network recon framework.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-02-24.

Index

What are some of the best open-source Security projects in Python? This list will help you:

Rank Project Stars
1 PayloadsAllTheThings 22,186
2 mitmproxy 21,583
3 algo 20,152
4 SQLMap 19,427
5 macOS-Security-and-Privacy-Guide 17,751
6 hosts 17,277
7 CheatSheetSeries 15,349
8 wifiphisher 9,602
9 routersploit 9,032
10 Mailpile 8,334
11 scapy 6,022
12 Fail2Ban 5,838
13 opensnitch 5,694
14 urh 5,619
15 dirsearch 5,566
16 cleverhans 4,951
17 OnionShare 4,407
18 maltrail 3,921
19 sigma 3,250
20 ScoutSuite 2,771
21 bless 2,524
22 itsdangerous 2,133
23 IVRE 2,026