Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression. Learn more →
Top 23 Python Infosec Projects
-
Project mention: I forgot my Router's password and I can just press Reset Button on router.. but is there any fun way to change the password? I know the Wifi's Username/Pass and Router's admin name. | /r/HowToHack | 2023-01-12
-
Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22
DirSearch
-
Sonar
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
-
Project mention: piece of software to find /crawl information about yourself? | /r/opsec | 2023-04-10
I’d suggest Spiderfoot.
-
This: https://github.com/0xInfection/Awesome-WAF
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
or you can also use our open source version: https://github.com/infobyte/faraday
-
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
-
InfluxDB
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
-
Project mention: Linx – Reveals invisible links within JavaScript files | news.ycombinator.com | 2022-06-27
Says it's inspired by "LinkFinder", which was useful in dredging up what the original purpose of the tool was: https://gerbenjavado.com/discovering-hidden-content-using-li...
-
Project mention: sa7mon/S3Scanner: Scan for open S3 buckets and dump the contents | /r/PrivateCyberMiliTec | 2022-11-03
-
Project mention: OSINT Tool that searches by nickname on 2800+ sites Spanish translation | /r/OSINT | 2023-03-16
repositorio
-
cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
-
Project mention: Yeti: Organize observables, indicators of compromise, TTPs, and threats | news.ycombinator.com | 2022-10-17
-
-
Name-That-Hash
🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
A tool called name that hash https://nth.skerritt.blog
-
Bashfuscator
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Try and figure out what this does... I used a tool I wrote years ago called Bashfuscator to create it: https://github.com/Bashfuscator/Bashfuscator
-
Search-That-Hash
🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
Project mention: New to hashcracking and feeling stuck, pls backseat me :) [MD5] | /r/HashCracking | 2022-10-06Search That Hash found 1/4 ('0pensesam3', not surprising, since rockyou has 'opensesam' and you get there with just so0 and $3 as rules)
-
passphrase-wordlist
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
-
-
DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Project mention: If you could name 5 tools/software worth learning for a cybersecurity analyst to become more employable, what would they be? | /r/cybersecurity | 2022-07-24https://github.com/TryCatchHCF/DumpsterFire The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled "live fire" range events. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
-
WebMap will let you import your xml file to view a visualized network map.
-
-
natlas
Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Python Infosec related posts
- That is why utilizing Tails OS (and Whonix OS) in a combination with automated data self-destruction is always worthwhile…
- GitHub - adityatelange/htb-writeups-fetcher: Automated Script with GitHub actions to fetch official #HackTheBox write-ups after the box is **retired**.
- Wordlists
- I forgot my Router's password and I can just press Reset Button on router.. but is there any fun way to change the password? I know the Wifi's Username/Pass and Router's admin name.
- Is there a way to gain a router's webpage password and username?
- Hash question - How do you know?!
- sa7mon/S3Scanner: Scan for open S3 buckets and dump the contents
-
A note from our sponsor - InfluxDB
www.influxdata.com | 10 Jun 2023
Index
What are some of the best open-source Infosec projects in Python? This list will help you:
Project | Stars | |
---|---|---|
1 | routersploit | 11,136 |
2 | dirsearch | 9,771 |
3 | spiderfoot | 9,716 |
4 | Awesome-WAF | 5,230 |
5 | DefaultCreds-cheat-sheet | 4,035 |
6 | faraday | 3,982 |
7 | can-i-take-over-xyz | 3,950 |
8 | LinkFinder | 3,012 |
9 | S3Scanner | 2,046 |
10 | snoop | 1,872 |
11 | cicd-goat | 1,512 |
12 | yeti | 1,401 |
13 | mongoaudit | 1,278 |
14 | Name-That-Hash | 1,276 |
15 | Bashfuscator | 1,161 |
16 | Search-That-Hash | 1,131 |
17 | passphrase-wordlist | 943 |
18 | kubestriker | 942 |
19 | DumpsterFire | 921 |
20 | WebMap | 673 |
21 | iKy | 604 |
22 | natlas | 581 |
23 | StalkPhish | 431 |