Python Infosec

Open-source Python projects categorized as Infosec

Top 23 Python Infosec Projects

  • routersploit

    Exploitation Framework for Embedded Devices

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • dirsearch

    Web path scanner

  • Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • rengine

    reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  • Awesome-WAF

    🔥 Web-application firewalls (WAFs) from security standpoint.

  • DefaultCreds-cheat-sheet

    One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • can-i-take-over-xyz

    "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

  • LinkFinder

    A python script that finds endpoints in JavaScript files

  • snoop

    Snoop — инструмент разведки на основе открытых данных (OSINT world)

  • Project mention: Osint update of the Snoop Project tool search for user by nickname | news.ycombinator.com | 2024-01-02
  • cicd-goat

    A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

  • Project mention: CI/CD Access All Areas? | dev.to | 2023-09-23

    In this blog post, we want to explore what happens if a development machine gets compromised, granting an attacker write access to source code repositories. To experience this first-hand, we're using CI/CD Goat, and one of the CTF challenges to play through the scenario of an attacker gaining access to sensitive data within build infrastructure.

  • Malcolm

    Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

  • yeti

    Your Everyday Threat Intelligence

  • Bashfuscator

    A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

  • Name-That-Hash

    🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

  • mongoaudit

    🔥 A powerful MongoDB auditing and pentesting tool 🔥

  • Search-That-Hash

    🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

  • passphrase-wordlist

    Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

  • PlumHound

    Bloodhound for Blue and Purple Teams

  • Project mention: Dealing with large BloodHound datasets | dev.to | 2023-12-06

    Name Description Url BloodHound BloodHound GUI https://github.com/BloodHoundAD/BloodHound/ PlumHound Generate a report with actions to resolve the security flaws in the Active Directory configuration https://github.com/DefensiveOrigins/PlumHound/ GoodHound GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. https://github.com/idnahacks/GoodHound/ BlueHound Tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. https://github.com/zeronetworks/BlueHound/

  • Hunting-Queries-Detection-Rules

    KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

  • Project mention: Advanced Hunting queries every admin should use | /r/DefenderATP | 2023-05-29
  • kubestriker

    A Blazing fast Security Auditing tool for Kubernetes

  • DumpsterFire

    "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

  • WebMap

    WebMap-Nmap Web Dashboard and Reporting

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Python Infosec related posts

  • Show HN: Automatic security lookups from your clipboard

    1 project | news.ycombinator.com | 3 Jan 2024
  • How to add a man page to your Ruby project, using kramdown-man and markdown

    2 projects | /r/ruby | 6 Dec 2023
  • CI/CD Access All Areas?

    1 project | dev.to | 23 Sep 2023
  • That is why utilizing Tails OS (and Whonix OS) in a combination with automated data self-destruction is always worthwhile…

    3 projects | /r/opsec | 22 Apr 2023
  • GitHub - adityatelange/htb-writeups-fetcher: Automated Script with GitHub actions to fetch official #HackTheBox write-ups after the box is **retired**.

    1 project | /r/netsec | 2 Feb 2023
  • Wordlists

    4 projects | /r/hacking | 29 Jan 2023
  • I forgot my Router's password and I can just press Reset Button on router.. but is there any fun way to change the password? I know the Wifi's Username/Pass and Router's admin name.

    1 project | /r/HowToHack | 12 Jan 2023
  • A note from our sponsor - SaaSHub
    www.saashub.com | 24 May 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source Infosec projects in Python? This list will help you:

Project Stars
1 routersploit 11,915
2 spiderfoot 11,887
3 dirsearch 11,353
4 rengine 7,027
5 Awesome-WAF 5,967
6 DefaultCreds-cheat-sheet 5,324
7 faraday 4,651
8 can-i-take-over-xyz 4,489
9 LinkFinder 3,477
10 snoop 2,724
11 cicd-goat 1,827
12 Malcolm 1,766
13 yeti 1,638
14 Bashfuscator 1,509
15 Name-That-Hash 1,417
16 mongoaudit 1,308
17 Search-That-Hash 1,201
18 passphrase-wordlist 1,154
19 PlumHound 1,028
20 Hunting-Queries-Detection-Rules 1,025
21 kubestriker 979
22 DumpsterFire 970
23 WebMap 899

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com