Top 23 Python Infosec Projects
-
Project mention: Sherlock: Hunt down social media accounts by username across 400 social networks | news.ycombinator.com | 2024-12-25
the only data needed are the urls from https://github.com/sherlock-project/sherlock/blob/master/she...
[1] https://www.reddit.com/r/github/comments/1at9br4/i_am_new_to...
-
Project mention: SpiderFoot automates OSINT for threat intelligence | news.ycombinator.com | 2024-07-03
Some would disagree with that statement: <https://github.com/smicallef/spiderfoot/issues>
The little development on the project is probably due to its age.
-
Link: Awesome-WAF on GitHub
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
-
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
-
NOTE: The last time I rooted this machine, it was July 2023. At the time of editing (July 2024), CrackMapExec has been deprecated, and it's generally recommended to use NetExec (NXC). The syntax should be very similar, and it should get you through this portion of the writeup.
-
Malcolm
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
-
cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
-
Bashfuscator
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
-
Name-That-Hash
🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
-
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
-
Search-That-Hash
🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
-
passphrase-wordlist
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
-
DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Python Infosec discussion
Python Infosec related posts
-
SpiderFoot automates OSINT for threat intelligence
-
Show HN: Automatic security lookups from your clipboard
-
How to add a man page to your Ruby project, using kramdown-man and markdown
-
CI/CD Access All Areas?
-
That is why utilizing Tails OS (and Whonix OS) in a combination with automated data self-destruction is always worthwhile…
-
GitHub - adityatelange/htb-writeups-fetcher: Automated Script with GitHub actions to fetch official #HackTheBox write-ups after the box is **retired**.
-
Wordlists
Index
What are some of the best open-source Infosec projects in Python? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | sherlock | 63,843 |
| 2 | spiderfoot | 14,215 |
| 3 | dirsearch | 12,825 |
| 4 | routersploit | 12,485 |
| 5 | Awesome-WAF | 6,615 |
| 6 | DefaultCreds-cheat-sheet | 6,053 |
| 7 | faraday | 5,373 |
| 8 | can-i-take-over-xyz | 5,130 |
| 9 | NetExec | 4,088 |
| 10 | LinkFinder | 3,891 |
| 11 | snoop | 3,328 |
| 12 | Malcolm | 2,101 |
| 13 | cicd-goat | 2,054 |
| 14 | yeti | 1,846 |
| 15 | Bashfuscator | 1,726 |
| 16 | Name-That-Hash | 1,545 |
| 17 | Hunting-Queries-Detection-Rules | 1,429 |
| 18 | Search-That-Hash | 1,344 |
| 19 | mongoaudit | 1,323 |
| 20 | passphrase-wordlist | 1,253 |
| 21 | PlumHound | 1,176 |
| 22 | DumpsterFire | 1,006 |
| 23 | WebMap | 999 |