Python Infosec

Open-source Python projects categorized as Infosec

Top 23 Python Infosec Projects

  1. sherlock

    Hunt down social media accounts by username across social networks

    Project mention: Sherlock: Hunt down social media accounts by username across 400 social networks | news.ycombinator.com | 2024-12-25

    the only data needed are the urls from https://github.com/sherlock-project/sherlock/blob/master/she...

    [1] https://www.reddit.com/r/github/comments/1at9br4/i_am_new_to...

  2. Judoscale

    Save 47% on cloud hosting with autoscaling that just works. Judoscale integrates with Django, FastAPI, Celery, and RQ to make autoscaling easy and reliable. Save big, and say goodbye to request timeouts and backed-up task queues.

    Judoscale logo
  3. spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: SpiderFoot automates OSINT for threat intelligence | news.ycombinator.com | 2024-07-03

    Some would disagree with that statement: <https://github.com/smicallef/spiderfoot/issues>

      The little development on the project is probably due to it's age.

  4. dirsearch

    Web path scanner

  5. routersploit

    Exploitation Framework for Embedded Devices

  6. Awesome-WAF

    🔥 Web-application firewalls (WAFs) from security standpoint.

    Project mention: 5 Best Free and Open Source WAF for 2025 | dev.to | 2024-09-18

    Link: Awesome-WAF on GitHub

  7. DefaultCreds-cheat-sheet

    One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

  8. faraday

    Open Source Vulnerability Management Platform (by infobyte)

  9. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo
  10. can-i-take-over-xyz

    "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

  11. NetExec

    The Network Execution Tool

    Project mention: Hack The Box Writeup: Heist | dev.to | 2024-07-05

    NOTE: The last time I rooted this machine, it was July 2023. At time of editing, (July 2024), CrackMapExec has been deprecated, and it's generally recommended to use NetExec (NXC). The syntax should be very similar, and it should get you through this portion of the writeup.

  12. LinkFinder

    A python script that finds endpoints in JavaScript files

  13. snoop

    Snoop — инструмент разведки на основе открытых данных (OSINT world)

  14. Malcolm

    Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

  15. cicd-goat

    A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

  16. yeti

    Your Everyday Threat Intelligence

  17. Bashfuscator

    A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

  18. Name-That-Hash

    🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

  19. Hunting-Queries-Detection-Rules

    KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

  20. Search-That-Hash

    🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

  21. mongoaudit

    🔥 A powerful MongoDB auditing and pentesting tool 🔥

  22. passphrase-wordlist

    Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

  23. PlumHound

    Bloodhound Reporting for Blue and Purple Teams

  24. DumpsterFire

    "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

  25. WebMap

    WebMap-Nmap Web Dashboard and Reporting

  26. InfluxDB

    InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.

    InfluxDB logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Python Infosec discussion

Log in or Post with

Python Infosec related posts

  • SpiderFoot automates OSINT for threat intelligence

    2 projects | news.ycombinator.com | 3 Jul 2024
  • Show HN: Automatic security lookups from your clipboard

    1 project | news.ycombinator.com | 3 Jan 2024
  • How to add a man page to your Ruby project, using kramdown-man and markdown

    2 projects | /r/ruby | 6 Dec 2023
  • CI/CD Access All Areas?

    1 project | dev.to | 23 Sep 2023
  • That is why utilizing Tails OS (and Whonix OS) in a combination with automated data self-destruction is always worthwhile…

    3 projects | /r/opsec | 22 Apr 2023
  • GitHub - adityatelange/htb-writeups-fetcher: Automated Script with GitHub actions to fetch official #HackTheBox write-ups after the box is **retired**.

    1 project | /r/netsec | 2 Feb 2023
  • Wordlists

    4 projects | /r/hacking | 29 Jan 2023
  • A note from our sponsor - Judoscale
    judoscale.com | 29 Apr 2025
    Judoscale integrates with Django, FastAPI, Celery, and RQ to make autoscaling easy and reliable. Save big, and say goodbye to request timeouts and backed-up task queues. Learn more →

Index

What are some of the best open-source Infosec projects in Python? This list will help you:

# Project Stars
1 sherlock 63,843
2 spiderfoot 14,215
3 dirsearch 12,825
4 routersploit 12,485
5 Awesome-WAF 6,615
6 DefaultCreds-cheat-sheet 6,053
7 faraday 5,373
8 can-i-take-over-xyz 5,130
9 NetExec 4,088
10 LinkFinder 3,891
11 snoop 3,328
12 Malcolm 2,101
13 cicd-goat 2,054
14 yeti 1,846
15 Bashfuscator 1,726
16 Name-That-Hash 1,545
17 Hunting-Queries-Detection-Rules 1,429
18 Search-That-Hash 1,344
19 mongoaudit 1,323
20 passphrase-wordlist 1,253
21 PlumHound 1,176
22 DumpsterFire 1,006
23 WebMap 999

Sponsored
Save 47% on cloud hosting with autoscaling that just works
Judoscale integrates with Django, FastAPI, Celery, and RQ to make autoscaling easy and reliable. Save big, and say goodbye to request timeouts and backed-up task queues.
judoscale.com

Did you know that Python is
the 2nd most popular programming language
based on number of references?