Top 9 Python Appsec Projects
-
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
-
cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
-
Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
-
mi-x
Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.).
-
cryptonice
CryptoNice is both a command-line tool and a library that scans and reports on the SSL/TLS configuration of your internet-facing or internal web services. Built on the sslyze API and the ssl, http-client and dns libraries, cryptonice collects data on a given domain and runs a series of tests covering the TLS configuration and supporting protocols such as HTTP/2 and DNS.
Cross Site Scripting Prevention Cheat Sheet from OWASP Cheat Sheet Series
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc. and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
Project mention: HoneyPot – I Made a Text Field Only Bots Use – Here's What Happened | news.ycombinator.com | 2023-11-18
Yes, a lot of tools, including some like w3af do:
https://github.com/andresriancho/w3af/blob/fb345a5/w3af/core...
This one sends the payload reversed as a test to see if the delay is due to the SQLi attempt.
In this blog post, we want to explore what happens if a development machine gets compromised, granting an attacker write access to source code repositories. To experience this first-hand, we're using CI/CD Goat, and one of the CTF challenges to play through the scenario of an attacker gaining access to sensitive data within build infrastructure.
Python Appsec related posts
-
CI/CD Access All Areas?
-
Rezilion/mi-x: Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)
-
MI-X - Determine whether your compute is truly vulnerable to a specific vulnerability
-
Test a TLS server: check the security of your SSL/TLS services
Index
What are some of the best open-source Appsec projects in Python? This list will help you:
# | Project | Stars
---|---|---
1 | CheatSheetSeries | 26,660
2 | dirsearch | 11,306
3 | faraday | 4,634
4 | w3af | 4,409
5 | cicd-goat | 1,816
6 | Spoofy | 542
7 | mi-x | 142
8 | cryptonice | 98
9 | ziti-sdk-py | 61