Top 23 Python Infosec Projects
-
Project mention: My neighbor is causing trouble in the neighborhood | reddit.com/r/hacking | 2022-06-18
Also check the routersploit, they have some scanners, to check for vulnerabilities. https://github.com/threat9/routersploit
-
-
SonarLint
Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.
-
Spiderfoot is good https://github.com/smicallef/spiderfoot
-
Project mention: Recommendation for Vulnerability Management Solution | reddit.com/r/netsecstudents | 2022-04-08
Faraday: https://github.com/infobyte/faraday
-
Project mention: Linx – Reveals invisible links within JavaScript files | news.ycombinator.com | 2022-06-27
Says it's inspired by "LinkFinder", which was useful in dredging up what the original purpose of the tool was: https://gerbenjavado.com/discovering-hidden-content-using-li...
-
Project mention: S3 Scanner: A utility for identifying insecure bucket permissions | reddit.com/r/aws | 2022-05-18
I am not sure if this is open source and if it isn't, why would you give your bucket name into it? say you did have an insecure bucket, how do you know this site won't download all the contents of it? There are a number of open source tool that do the same thing, here's one https://github.com/sa7mon/S3Scanner
-
Project mention: Tool das alle mit E-Mail verknüpfte Accounts auflistet? | reddit.com/r/de_EDV | 2022-06-22
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
-
Name-That-Hash
🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
Project mention: Need some information about a password hash | reddit.com/r/Hacking_Tutorials | 2021-09-11This is what I use to identify hashes I am unfamiliar with. https://github.com/HashPals/Name-That-Hash
-
Search-That-Hash
🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
-
TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. klum - Kubernetes Lazy User Manager Kyverno - Kubernetes Native Policy Management https://kyverno.io kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning kube-bench - CIS Kubernetes Benchmark tool kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes starboard - Kubernetes-native security toolkit Simulator - Kubernetes Security Training Platform - Focussing on security mitigation RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs Chartsec - Helm Chart security scanner kubestriker - Security Auditing tool Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies Krane - Kubernetes RBAC static Analysis & visualisation tool Flaco - The Falco Project - Cloud-Native runtime security Clair - Vulnerability Static Analysis for Containers Anchore Cli - Coomand Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®
-
DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
-
passphrase-wordlist
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Project mention: Kio faras bonan pasvorton (tago 25) | reddit.com/r/WriteStreakEsperanto | 2021-12-22Mi diris al vi pri Diceware hieraŭ. Direware estas bona, sed mi pensas ke oni povus fari ŝanĝiĝojn de pasfrazo el similaj programoj. Ekzemple, misliterumu unu aŭ du vortojn, kompletigi vorton aŭ preni parton de la pasvorto el libro. Ĉi tiu frazo povas esti romano, poemo, matematika libro, ktp. Se oni volas, oni povus preni unu vorto el libro po. Nur uzi pasfrazojn el Diceware ne estas tiel sekura kiel oni eble pensas. Do mi rekomendas ĉiuj ajn fari malgrandaj ŝanĝiĝojn de pasfrazoj el programoj kiel Diceware.
-
What kind of info do you need to display? Zenmap can import Nmap scan results and shows the results in several different tabular formats. There are lots of programming language libraries and plugins for loading and processing Nmap results. Ndiff is one for Python 2, but you can usually find one in any language you are comfortable with. Loading the results into a database might be better if you want to be able to produce reports based on the results. Tools like Dradis and WebMap can do this automatically.
-
natlas
Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
Natlas was basically built for exactly this use case. Docker-compose file in the repo so you can set up as containers in Windows. https://github.com/natlas/natlas
-
Project mention: Trying to find out if this small program will run on Windows and I'm not sure where to ask. Documentation only has linux commands in it, but I got it mostly working, with some issues, so I'm not sure. Can anyone help? | reddit.com/r/techsupport | 2022-04-20
Github: https://github.com/kennbroorg/iKy
-
Using Stalkphish.io, or the OSS version https://github.com/t4d/StalkPhish
-
Project mention: basecrack VS python-codext - a user suggested alternative | libhunt.com/r/basecrack | 2022-02-06
-
-
CVE-2022-26134
[PoC] Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE) (by Nwqda)
Project mention: CVE-2022-26134 – Confluence Zero Day Remote Code Execution - live threat | reddit.com/r/blueteamsec | 2022-06-04 -
dora
Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Project mention: Created a tool to find exposed API keys based on RegEx and get exploitation methods for some of keys that are found | reddit.com/r/HowToHack | 2021-12-19 -
-
pandora
Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results (by pandora-analysis)
Project mention: Pandora is an analysis framework to discover if a file is suspicious | news.ycombinator.com | 2022-05-30It appears to hash the file locally, then look it up on a number of aggregators (or local scanner such as clamav), see: https://github.com/pandora-analysis/pandora/tree/main/pandor... for list.
You will need to be subscribed to those services that are not free and have API keys for each one.
Python Infosec related posts
- Linx – Reveals invisible links within JavaScript files
- My neighbor is causing trouble in the neighborhood
- DrayTek Bruteforce
- Pandora is an analysis framework to discover if a file is suspicious
- S3 Scanner: A utility for identifying insecure bucket permissions
- nmap xsl stylesheet ... but pretty?
- [OC] Data Exfiltration using RedDrop - A Python Webserver for file and data exfiltration which automatically detects, decodes, decrypts, and transforms data.
Index
What are some of the best open-source Infosec projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | routersploit | 10,307 |
| 2 | dirsearch | 8,155 |
| 3 | spiderfoot | 8,100 |
| 4 | faraday | 3,361 |
| 5 | LinkFinder | 2,548 |
| 6 | S3Scanner | 1,825 |
| 7 | snoop | 1,464 |
| 8 | mongoaudit | 1,252 |
| 9 | Name-That-Hash | 1,063 |
| 10 | Search-That-Hash | 988 |
| 11 | kubestriker | 900 |
| 12 | DumpsterFire | 846 |
| 13 | passphrase-wordlist | 769 |
| 14 | WebMap | 542 |
| 15 | natlas | 518 |
| 16 | iKy | 427 |
| 17 | StalkPhish | 378 |
| 18 | basecrack | 336 |
| 19 | hackthebox | 265 |
| 20 | CVE-2022-26134 | 233 |
| 21 | dora | 206 |
| 22 | gitlab-watchman | 161 |
| 23 | pandora | 116 |
Are you hiring? Post a new remote job listing for free.
