Python Infosec

Open-source Python projects categorized as Infosec
Edit details
Topics: #Security #Cybersecurity #Python #Pentesting #security-tools
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
www.sonarsource.com
Sponsored

Top 23 Python Infosec Projects

  • routersploit

    Exploitation Framework for Embedded Devices

    Project mention: I forgot my Router's password and I can just press Reset Button on router.. but is there any fun way to change the password? I know the Wifi's Username/Pass and Router's admin name. | /r/HowToHack | 2023-01-12

  • dirsearch

    Web path scanner

    Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22

    DirSearch

  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: piece of software to find /crawl information about yourself? | /r/opsec | 2023-04-10

    I’d suggest Spiderfoot.

  • Awesome-WAF

    🔥 Web-application firewalls (WAFs) from security standpoint.

    Project mention: xss waf bypass | /r/hacking | 2022-07-24

    This: https://github.com/0xInfection/Awesome-WAF

  • DefaultCreds-cheat-sheet

    One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

    Project mention: Database of default usernames and passwords? | /r/hacking | 2023-02-10

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

    Project mention: Penetration Testing Report | /r/Pentesting | 2022-12-20

    or you can also use our open source version: https://github.com/infobyte/faraday

  • can-i-take-over-xyz

    "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

    Project mention: Books for pentesting and bug Bounty | /r/cybersecurity | 2022-08-28

  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • LinkFinder

    A python script that finds endpoints in JavaScript files

    Project mention: Linx – Reveals invisible links within JavaScript files | news.ycombinator.com | 2022-06-27

    Says it's inspired by "LinkFinder", which was useful in dredging up what the original purpose of the tool was: https://gerbenjavado.com/discovering-hidden-content-using-li...

  • S3Scanner

    Scan for open S3 buckets and dump the contents

    Project mention: sa7mon/S3Scanner: Scan for open S3 buckets and dump the contents | /r/PrivateCyberMiliTec | 2022-11-03

  • snoop

    Snoop — инструмент разведки на основе открытых данных (OSINT world)

    Project mention: OSINT Tool that searches by nickname on 2800+ sites Spanish translation | /r/OSINT | 2023-03-16

    repositorio

  • cicd-goat

    A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

    Project mention: New challenge added to the CI/CD Goat CTF | /r/hacking | 2022-11-16

  • yeti

    Your Everyday Threat Intelligence

    Project mention: Yeti: Organize observables, indicators of compromise, TTPs, and threats | news.ycombinator.com | 2022-10-17

  • mongoaudit

    🔥 A powerful MongoDB auditing and pentesting tool 🔥

  • Name-That-Hash

    🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

    Project mention: Hash question - How do you know?! | /r/tryhackme | 2022-11-05

    A tool called name that hash https://nth.skerritt.blog

  • Bashfuscator

    A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

    Project mention: Please be gentle | /r/ProgrammerHumor | 2022-09-15

    Try and figure out what this does... I used a tool I wrote years ago called Bashfuscator to create it: https://github.com/Bashfuscator/Bashfuscator

  • Search-That-Hash

    🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

    Project mention: New to hashcracking and feeling stuck, pls backseat me :) [MD5] | /r/HashCracking | 2022-10-06

    Search That Hash found 1/4 ('0pensesam3', not surprising, since rockyou has 'opensesam' and you get there with just so0 and $3 as rules)

  • passphrase-wordlist

    Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

  • kubestriker

    A Blazing fast Security Auditing tool for Kubernetes

  • DumpsterFire

    "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

    Project mention: If you could name 5 tools/software worth learning for a cybersecurity analyst to become more employable, what would they be? | /r/cybersecurity | 2022-07-24

    https://github.com/TryCatchHCF/DumpsterFire The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled "live fire" range events. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

  • WebMap

    WebMap-Nmap Web Dashboard and Reporting

    Project mention: Mapping out a network | /r/sysadmin | 2022-10-24

    WebMap will let you import your xml file to view a visualized network map.

  • iKy

    OSINT Project (by kennbroorg)

  • natlas

    Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

    Project mention: Shodan | /r/HowToHack | 2022-08-25

  • StalkPhish

    StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-22.

Python Infosec related posts

Index

What are some of the best open-source Infosec projects in Python? This list will help you:

Project Stars
1 routersploit 11,136
2 dirsearch 9,771
3 spiderfoot 9,716
4 Awesome-WAF 5,230
5 DefaultCreds-cheat-sheet 4,035
6 faraday 3,982
7 can-i-take-over-xyz 3,950
8 LinkFinder 3,012
9 S3Scanner 2,046
10 snoop 1,872
11 cicd-goat 1,512
12 yeti 1,401
13 mongoaudit 1,278
14 Name-That-Hash 1,276
15 Bashfuscator 1,161
16 Search-That-Hash 1,131
17 passphrase-wordlist 943
18 kubestriker 942
19 DumpsterFire 921
20 WebMap 673
21 iKy 604
22 natlas 581
23 StalkPhish 431

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com