Python Security

Open-source Python projects categorized as Security

Top 23 Python Security Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  • Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

    Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

  • mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  • Project mention: Ask HN: Fiddler Alternatives | news.ycombinator.com | 2024-03-14
  • SQLMap

    Automatic SQL injection and database takeover tool

  • Project mention: Best Hacking Tools for Beginners 2024 | dev.to | 2024-02-01

    sqlmap

  • CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  • Project mention: Next.js: consequence of AppRouter on your CSP | dev.to | 2024-03-07

    Cross Site Scripting Prevention Cheat Sheet from OWASP Cheat Sheet Series

  • hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

  • Project mention: Does PiHole block porn? | /r/pihole | 2023-12-06

    Not by default but a blocklist can be found here https://github.com/StevenBlack/hosts

  • macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

  • Project mention: Hardening macOS | /r/MacOS | 2023-07-03
  • wifiphisher

    The Rogue Access Point Framework

  • routersploit

    Exploitation Framework for Embedded Devices

  • dirsearch

    Web path scanner

  • Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • DB-GPT

    AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents

  • Project mention: (2/2) May 2023 | /r/dailyainews | 2023-06-02

    Interact your data and environment using the local GPT (https://github.com/csunny/DB-GPT)

  • urh

    Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

  • Project mention: Flipper Zero: Multi-Tool Device for Geeks | news.ycombinator.com | 2024-01-21

    >> or somewhat expensive and complex SDR

    I don’t think that’s as accurate today as it used to be.

    On the hardware side there are tons of options very cheaply available - iirc the flipper uses the c1100 (or a number like that) it’s a popular cheap chip and it’s well documented and interfaces easily with arduino.

    More accessibly, lime mini SDRs are cheap but there’s quite a few alternatives too.

    On the software side GNU Radio is free with decent tutorials - we’re not talking anything like blender levels of difficulty to adopt even if it is a complex domain.

    Although on the more accessible side, urh is incredibly powerful given how easy to use it is https://github.com/jopohl/urh

    I used the latter to tap into a 2 channel wireless bbq thermometer via a $10 rtl sdr and that was a breeze, an absolute walk in the park compared to when I reverse engineered the flysky telemetry system.

  • Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

  • Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10

    now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability is https://www.alpinelinux.org/ also as these devices are not that powerful every extra agent / abstraction layer you add impacts performance need to look at low overhead security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login

  • scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

  • Project mention: Seven Python Projects to Elevate Your Coding Skills | dev.to | 2024-02-15

    Example Network Scanner Scapy

  • mvt

    MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

  • Project mention: Exploiting the iPhone 4 | news.ycombinator.com | 2023-10-02

    Amnesty International released Mobile Verification Toolkit to check your phone for malware, by checking encrypted backups on your computer. https://github.com/mvt-project/mvt

  • opensnitch

    OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

  • Project mention: Is Linux worth it for the average non-tech user? | /r/privacy | 2023-12-10
  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  • Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04

    Which cloud provider?

    https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.

    Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security

  • Mailpile

    A free & open modern, fast email client with user-friendly encryption and privacy features

  • Project mention: [Self Hosted] Self-hosted mail servers: mailcow, mailinabox, mailU... have you tested them (in depth)? Your opinions and advice here, thanks! | /r/aufdeutsch | 2023-04-27
  • trape

    People tracker on the Internet: OSINT analysis and research tool by Jose Pino

  • Project mention: TRACK PEOPLE ON THE INTERNET: Learn to track your opps world, to avoid being traced | /r/make_money_online_vip | 2023-06-16

    Github Link

  • sigma

    Main Sigma Rule Repository

  • Project mention: Sigma rules in real life | /r/cybersecurity | 2023-10-14

    Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

  • objection

    📱 objection - runtime mobile exploration

  • frappe

    Low code web framework for real world applications, in Python and Javascript

  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

  • ScoutSuite

    Multi-Cloud Security Auditing Tool

  • Project mention: Azure and M365 Secure Config Review | /r/Pentesting | 2023-05-31

    Prowler and ScoutSuite are a good start for cloud stuff.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source Security projects in Python? This list will help you:

Rank  Project                           Stars
1     PayloadsAllTheThings              56,681
2     mitmproxy                         34,277
3     SQLMap                            30,495
4     CheatSheetSeries                  26,480
5     hosts                             25,413
6     macOS-Security-and-Privacy-Guide  20,863
7     wifiphisher                       12,681
8     routersploit                      11,857
9     dirsearch                         11,213
10    DB-GPT                            10,943
11    urh                               10,395
12    Fail2Ban                          10,366
13    scapy                             10,028
14    mvt                               9,788
15    opensnitch                        9,652
16    prowler                           9,514
17    Mailpile                          8,782
18    trape                             7,911
19    sigma                             7,598
20    objection                         6,978
21    frappe                            6,464
22    pyWhat                            6,352
23    ScoutSuite                        6,159
