Top 23 Python Security Projects
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: Is there an extensive checklist of web vulnerabilities? | reddit.com/r/Hacking_Tutorials | 2021-06-08
It's not a "checklist" but maybe it can help https://github.com/swisskyrepo/PayloadsAllTheThings/
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Project mention: "Microsoft-CryptoAPI/10.0" sending a number of strange requests. Do I have malware? | reddit.com/r/techsupport | 2021-05-24
I was running mitmproxy (mitmweb) on my Windows 10 computer to monitor requests it was sending, and I noticed that it would periodically send GET requests with the User-Agent headers set to Microsoft-CryptoAPI/10.0 to these URLs:
Set up a personal VPN in the cloud
Project mention: Should we use a VPN for staking at home ? | reddit.com/r/ethstaker | 2021-06-08
Unless you build your own VPN (https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/) you are basically choosing either trusting ISP vs trusting hard-to-get-info-on company.
Automatic SQL injection and database takeover tool
Project mention: sqlmap cannot find inject on the testfire.net | reddit.com/r/Kalilinux | 2021-05-12
I found the same question on GitHub, but the payload given in the answer doesn't work.
Guide to securing and improving privacy on macOS
Project mention: need some advice - should I do a fresh install? | reddit.com/r/privacytoolsIO | 2021-05-27
Clean install on Mac is easy, I don't see why it should be a problem. Also, MacOS Security and Privacy Guide could be extremely important for you during initial setup.
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
Project mention: I can't stop watching porn. | reddit.com/r/TrueChristian | 2021-06-14
Use OpenDNS Family Shield or set up a local hosts file like Steven Black's to block access to porn sites.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Project mention: Proxy for protection | reddit.com/r/networking | 2021-04-01
The other thing you want to do is learn what the possible attacks are, and how to mitigate them. OWASP has some great resources for starters: https://owasp.org/www-project-top-ten/ https://cheatsheetseries.owasp.org/
The Rogue Access Point Framework
Project mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10
You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi asking you the password while disauth the original hotspot.
Exploitation Framework for Embedded Devices
Project mention: Router login crack without password list | reddit.com/r/hacking | 2021-04-18
try routersploit out for exploits that don’t have to do with wordlists and stuff, rly good tool
A free & open modern, fast email client with user-friendly encryption and privacy features
Project mention: We need better open source e-mail clients! | reddit.com/r/privacytoolsIO | 2021-02-02
Mailpile.is comes to mind. Their Twitter account is inactive since 2018, but they did fix some things on GitHub in November of 2020: https://github.com/mailpile/Mailpile/
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
Project mention: Help transmitting VDL Mode 2 messages | reddit.com/r/RTLSDR | 2021-05-11
Sorry but (re-)transmitting VDL2 messages is really a bad idea. Spoofing ADSB/ACARS/GPS/GSM signals is totally out-of-law in most countries. If you want to retransmit previously recorded signal, you just have to record and replay IQ using hackRF tools or use URH. Perhaps tx_sdr will give you more clues to learn encoding/decoding, using rtl_433 as companion to decode. Use it on 434MHz (ISM band), which is allowed to anyone using low RF power. Do not expect more help on this subreddit for non-legal stuff.
People tracker on the Internet: OSINT analysis and research tool by Jose Pino
Project mention: What are some other cool tools for beginners like me ? | reddit.com/r/HowToHack | 2021-04-29
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Project mention: What's the "best" coding language to know/learn? | reddit.com/r/hacking | 2021-06-15
You can also manipulate them in higher languages or scripting such as Python. Check out Scapy as a good example of constructing packets from scratch. Python is powerful and also worth learning.
Web path scanner
Project mention: How to choose a web path scanner? [closed] | news.ycombinator.com | 2021-05-10
Daemon to ban hosts that cause multiple authentication errors
Project mention: Fail2ban doesn't work with Nftables on Debian 10 | reddit.com/r/debian | 2021-05-31
Everything is described there https://github.com/fail2ban/fail2ban/issues/2741
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
Project mention: Is there a firewall for linux mint like tinyfirewall(windows)? | reddit.com/r/linux4noobs | 2021-06-15
Yes, I see that now, thanks. https://github.com/evilsocket/opensnitch/wiki/Installation
Malicious traffic detection system
Project mention: How do you run self-hosted software? | reddit.com/r/selfhosted | 2021-02-15
Last docker discovery: maltrail (https://github.com/stamparm/maltrail, about to be moved from VM to docker)
📱 objection - runtime mobile exploration
Project mention: Any signs of someone hacking you? | reddit.com/r/hacking | 2021-03-31
Generic Signature Format for SIEM Systems
Project mention: Detecting Rclone – An Effective Tool for Exfiltration - detecting rclone via Sigma rules - which is a precursor step for some threat actors to do their exfil before ransomware deployment | reddit.com/r/netsec | 2021-05-28
It's a Florian Roth project on GitHub. Essentially abstracted rules to detect malicious activity that you can convert to a SIEM with configuration files. https://github.com/SigmaHQ/sigma
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
Project mention: Where to find C malware source code | reddit.com/r/Malware | 2021-05-23
Consider setting up honeypots like Cowrie - https://github.com/cowrie/cowrie - and collecting your own samples from the Internet too.
CTFs as you need them
Project mention: CTF Platform Advice | reddit.com/r/securityCTF | 2021-04-18
Obviously, I'm biased to CTFd. I think it works very well for covering most CTF use cases. And if you find it doesn't do exactly what you want, you can customize it if you're familiar with Python & JS. And there will be some improvements in the next minor release for improving the JS side since I know that's a tough spot right now.
Bandit is a tool designed to find common security issues in Python code.
Project mention: Python code review checklist | dev.to | 2021-03-30
One of the renowned security analyzers for Python is Bandit. Also, if you use GitHub for hosting code, you should absolutely read this guide about setting up vulnerability detection and Dependabot for your codebase.
What are some of the best open-source Security projects in Python? This list will help you: