Python Infosec

Open-source Python projects categorized as Infosec

Top 23 Python Infosec Projects

  • routersploit

    Exploitation Framework for Embedded Devices

    Project mention: My neighbor is causing trouble in the neighborhood | reddit.com/r/hacking | 2022-06-18

    Also check the routersploit, they have some scanners, to check for vulnerabilities. https://github.com/threat9/routersploit

  • dirsearch

    Web path scanner

    Project mention: Release dirsearch v0.4.2 - Web Path Scanner | reddit.com/r/netsec | 2021-09-12

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: Social media | reddit.com/r/OSINT | 2022-06-10

    Spiderfoot is good https://github.com/smicallef/spiderfoot

  • faraday

    Collaborative Penetration Test and Vulnerability Management Platform (by infobyte)

    Project mention: Recommendation for Vulnerability Management Solution | reddit.com/r/netsecstudents | 2022-04-08

    Faraday: https://github.com/infobyte/faraday

  • LinkFinder

    A python script that finds endpoints in JavaScript files

    Project mention: Linx – Reveals invisible links within JavaScript files | news.ycombinator.com | 2022-06-27

    Says it's inspired by "LinkFinder", which was useful in dredging up what the original purpose of the tool was: https://gerbenjavado.com/discovering-hidden-content-using-li...

  • S3Scanner

    Scan for open S3 buckets and dump the contents

    Project mention: S3 Scanner: A utility for identifying insecure bucket permissions | reddit.com/r/aws | 2022-05-18

    I am not sure if this is open source, and if it isn't, why would you give your bucket name into it? Say you did have an insecure bucket, how do you know this site won't download all the contents of it? There are a number of open source tools that do the same thing, here's one: https://github.com/sa7mon/S3Scanner

  • snoop

    Snoop is a reconnaissance tool based on open data (OSINT world)

    Project mention: Tool that lists all accounts linked to an e-mail address? | reddit.com/r/de_EDV | 2022-06-22

  • mongoaudit

    🔥 A powerful MongoDB auditing and pentesting tool 🔥

  • Name-That-Hash

    🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

    Project mention: Need some information about a password hash | reddit.com/r/Hacking_Tutorials | 2021-09-11

    This is what I use to identify hashes I am unfamiliar with. https://github.com/HashPals/Name-That-Hash

  • Search-That-Hash

    🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

  • kubestriker

    A Blazing fast Security Auditing tool for Kubernetes

    Project mention: Top 200 Kubernetes Tools for DevOps Engineer Like You | dev.to | 2022-01-15

    TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure; klum - Kubernetes Lazy User Manager; Kyverno - Kubernetes Native Policy Management https://kyverno.io; kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning; kube-bench - CIS Kubernetes Benchmark tool; kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters; kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes; starboard - Kubernetes-native security toolkit; Simulator - Kubernetes Security Training Platform - Focussing on security mitigation; RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com; Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls; Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster; Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs; Chartsec - Helm Chart security scanner; kubestriker - Security Auditing tool; Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies; Krane - Kubernetes RBAC static Analysis & visualisation tool; Falco - The Falco Project - Cloud-Native runtime security; Clair - Vulnerability Static Analysis for Containers; Anchore Cli - Command Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries; Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control; Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®

  • DumpsterFire

    "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

    Project mention: How to keep a SOC on their toes | reddit.com/r/AskNetsec | 2021-11-18
  • passphrase-wordlist

    Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

    Project mention: What makes a good password (day 25) | reddit.com/r/WriteStreakEsperanto | 2021-12-22

    I told you about Diceware yesterday. Diceware is good, but I think one could make changes to a passphrase from similar programs. For example, misspell one or two words, complete a word, or take part of the password from a book. This phrase can be from a novel, a poem, a math book, etc. If one wants, one could take one word from each book. Using only passphrases from Diceware is not as secure as one might think. So I recommend that everyone make small changes to passphrases from programs like Diceware.

  • WebMap

    WebMap-Nmap Web Dashboard and Reporting

    Project mention: nmap xsl stylesheet ... but pretty? | reddit.com/r/nmap | 2022-04-13

    What kind of info do you need to display? Zenmap can import Nmap scan results and shows the results in several different tabular formats. There are lots of programming language libraries and plugins for loading and processing Nmap results. Ndiff is one for Python 2, but you can usually find one in any language you are comfortable with. Loading the results into a database might be better if you want to be able to produce reports based on the results. Tools like Dradis and WebMap can do this automatically.

  • natlas

    Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

    Project mention: Passive network device discovery | reddit.com/r/cybersecurity | 2021-11-02

    Natlas was basically built for exactly this use case. Docker-compose file in the repo so you can set up as containers in Windows. https://github.com/natlas/natlas

  • iKy

    OSINT Project (by kennbroorg)

    Project mention: Trying to find out if this small program will run on Windows and I'm not sure where to ask. Documentation only has linux commands in it, but I got it mostly working, with some issues, so I'm not sure. Can anyone help? | reddit.com/r/techsupport | 2022-04-20

    Github: https://github.com/kennbroorg/iKy

  • StalkPhish

    StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

    Project mention: How to Identify zero day phishing URLs | reddit.com/r/phishing | 2022-04-15

    Using Stalkphish.io, or the OSS version https://github.com/t4d/StalkPhish

  • basecrack

    Decode All Bases - Base Scheme Decoder

    Project mention: basecrack VS python-codext - a user suggested alternative | libhunt.com/r/basecrack | 2022-02-06
  • hackthebox

    Notes Taken for HTB Machines & InfoSec Community.

  • CVE-2022-26134

    [PoC] Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE) (by Nwqda)

    Project mention: CVE-2022-26134 – Confluence Zero Day Remote Code Execution - live threat | reddit.com/r/blueteamsec | 2022-06-04
  • dora

    Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

    Project mention: Created a tool to find exposed API keys based on RegEx and get exploitation methods for some of keys that are found | reddit.com/r/HowToHack | 2021-12-19
  • gitlab-watchman

    Monitoring GitLab for sensitive data shared publicly

  • pandora

    Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results (by pandora-analysis)

    Project mention: Pandora is an analysis framework to discover if a file is suspicious | news.ycombinator.com | 2022-05-30

    It appears to hash the file locally, then look it up on a number of aggregators (or local scanner such as clamav), see: https://github.com/pandora-analysis/pandora/tree/main/pandor... for list.

    You will need to be subscribed to those services that are not free and have API keys for each one.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-06-27.

Index

What are some of the best open-source Infosec projects in Python? This list will help you:

 #  Project              Stars
 1  routersploit         10,307
 2  dirsearch             8,155
 3  spiderfoot            8,100
 4  faraday               3,361
 5  LinkFinder            2,548
 6  S3Scanner             1,825
 7  snoop                 1,464
 8  mongoaudit            1,252
 9  Name-That-Hash        1,063
10  Search-That-Hash        988
11  kubestriker             900
12  DumpsterFire            846
13  passphrase-wordlist     769
14  WebMap                  542
15  natlas                  518
16  iKy                     427
17  StalkPhish              378
18  basecrack               336
19  hackthebox              265
20  CVE-2022-26134          233
21  dora                    206
22  gitlab-watchman         161
23  pandora                 116