Top 23 Python Security Projects
A list of useful payloads and bypass for Web Application Security and Pentest/CTFProject mention: YAML: It's Time to Move On | news.ycombinator.com | 2021-11-14
Not exactly an incompatibility, but my mind jumped to issues like this: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/mas...
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.Project mention: TCP Traffic tunneln/weiterleiten zur Analyse | reddit.com/r/de_EDV | 2021-11-24
Hört sich nach mitmproxy an.
Run Linux Software Faster and Safer than Linux with Unikernels.
Set up a personal VPN in the cloud
Automatic SQL injection and database takeover toolProject mention: Security service that protects from SQLi had critical SQLi vulnerability | news.ycombinator.com | 2021-11-26
Yes, that's one way to extract data by (ab)using a blind sql injection vulnerability.
If you look at sqlmap , they offer two techniques for blind sql injection: boolean-based and time-based. Boolean-based should be used when the app just returns an error page (or not) based on your sql injection. The time-based approach should be used when no error page appears but the SQL is still executed.
But when I look at sqlmap docs for the time-based approach  I think I got the initial explanation wrong. It will do a 5 second delay if a certain condition is met, e.g. "Is the first character of the value an 'T'? If yes, wait 5 seconds; if not, return immediately". And then send hundreds of requests in parallel to iterate over all positions & possible characters.
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.Project mention: Tried out CoreDNS - just 14 lines | reddit.com/r/homelab | 2021-11-28
Today i tried out CoreDNS for my homlab to replace my 2 node bind9 master-slave cluster, and i am excited so far: Took me 1 hr and 14 lines of config to get it running and serving all quieres in our house. Copied my zones files from bind and added a hostfile from https://github.com/StevenBlack/hosts, work done. Plugin structure and Speed is also nice.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.Project mention: Is django login system safe enough? | reddit.com/r/django | 2021-11-08
There is a lot more related with application security, but that should be subject to a whole other topic. If you want to dive a little deeper, I suggest starting with the OWASP Cheat Sheet series: https://cheatsheetseries.owasp.org/
Guide to securing and improving privacy on macOSProject mention: Homebrew Package Manager Harden Script | reddit.com/r/netsec | 2021-11-07
Hardening is based off of several guides such as drduh hardening guide.
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
The Rogue Access Point FrameworkProject mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10
You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi asking you the password while disauth the original hostpot.
Exploitation Framework for Embedded DevicesProject mention: How to gain root access to my Modem/Router | reddit.com/r/hacking | 2021-11-08
Run https://github.com/threat9/routersploit against it
A free & open modern, fast email client with user-friendly encryption and privacy featuresProject mention: All self-hosted email client options are ugly! | reddit.com/r/selfhosted | 2021-09-25
Mailpile supports theming. https://github.com/mailpile/Mailpile/wiki/Themes
Universal Radio Hacker: Investigate Wireless Protocols Like A BossProject mention: Hey guys does anyone recognize this software, I had it on my laptop but then I sold my laptop and forgot to save the name | reddit.com/r/sdr | 2021-11-22
Web path scannerProject mention: Release dirsearch v0.4.2 - Web Path Scanner | reddit.com/r/netsec | 2021-09-12
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.Project mention: Scapy | reddit.com/r/ITProTuesday | 2021-11-19
Scapy is a powerful, interactive Python2/3 packet-manipulation program that can forge or decode packets for a wide array of protocols, send & capture them, match requests with replies and more. Easily handles tasks like scanning, tracerouting, probing, unit tests, attacks and network discovery so it can replace hping, most of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc. Also performs specific tasks most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames and combining technics. Our thanks for this suggestion go to lazyjk.
People tracker on the Internet: OSINT analysis and research tool by Jose PinoProject mention: Using Pi4 running Bettercap as a honeypot to catch a legit stalker | reddit.com/r/HowToHack | 2021-10-23
Daemon to ban hosts that cause multiple authentication errorsProject mention: Was my raspberry hacked? | reddit.com/r/linuxadmin | 2021-10-29
If you are worried about hacking attempts, installing fail2ban will help.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewallProject mention: The Privacy, Security, & OSINT Show: Announcement: Listener Questions Show | reddit.com/r/PrivacySecurityOSINT | 2021-11-12
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️Project mention: Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide] | news.ycombinator.com | 2021-11-12
Automated Mass ExploiterProject mention: Awesome Penetration Testing | dev.to | 2021-10-06
AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
Generic Signature Format for SIEM SystemsProject mention: SIEM Test Cases | reddit.com/r/cybersecurity | 2021-10-19
SIGMA SOCPrime Sigma Sigma Translator Elastic Rules Splunk Rules ThreatHunter Playbook iRedTeam Lolbas Atomic Red Team
📱 objection - runtime mobile explorationProject mention: Awesome CTF : Top Learning Resource Labs | reddit.com/r/TutorialBoy | 2021-11-13
Objection - Runtime Mobile Exploration.
Malicious traffic detection systemProject mention: How do you run self-hosted software? | reddit.com/r/selfhosted | 2021-02-15
last docker discovery : maltrail (https://github.com/stamparm/maltrail , about to be moved from VM to docker)
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.ioProject mention: Honeypot server | reddit.com/r/cybersecurity | 2021-11-24
I set up one of these a while back: https://github.com/cowrie/cowrie
Python Security related posts
Security service that protects from SQLi had critical SQLi vulnerability
1 project | news.ycombinator.com | 26 Nov 2021
Teen caught in $46M dollar Bitcoin theft via buying a username
3 projects | news.ycombinator.com | 24 Nov 2021
1 project | reddit.com/r/cybersecurity | 24 Nov 2021
TCP Traffic tunneln/weiterleiten zur Analyse
2 projects | reddit.com/r/de_EDV | 24 Nov 2021
Hey guys does anyone recognize this software, I had it on my laptop but then I sold my laptop and forgot to save the name
1 project | reddit.com/r/sdr | 22 Nov 2021
FormDataMultiPart file submission
1 project | reddit.com/r/javahelp | 21 Nov 2021
Use "2FA" with your hardware wallets
2 projects | reddit.com/r/CryptoCurrency | 20 Nov 2021
What are some of the best open-source Security projects in Python? This list will help you:
Are you hiring? Post a new remote job listing for free.