Top 23 Python Security Projects
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters | dev.to | 2022-11-15
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Project mention: Ask HN: Any good black Friday deals? | news.ycombinator.com | 2022-11-25
It's really nice. I bought it last year, but don't use it frequently enough and didn't renew it this year. If you're in the same boat https://mitmproxy.org is really helpful and with `mitmweb` offering a web alternative to their TUI it's really convenient.
If you have ProxyMan you can renew with the discount, too.
Automatic SQL injection and database takeover tool
Project mention: sqlmap | reddit.com/r/HackProtectSlo | 2022-09-26
Installation: git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Usage: python sqlmap.py -h
python sqlmap.py -hh
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Project mention: Rule of Thumb for JWT's? | reddit.com/r/Backend | 2022-11-19
There is OWASP JWT Cheatsheet that goes into details. Here’s another awesome article on hasura blog for the same.
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
Project mention: Windows 10 virtual machine + VPN on host PC enough security for torrenting movies? | reddit.com/r/PrivacyGuides | 2022-11-25
Also this: https://github.com/StevenBlack/hosts
Guide to securing and improving privacy on macOS
Project mention: Ask HN: What do you do for online privacy? | news.ycombinator.com | 2022-11-11
- macos, following https://github.com/drduh/macOS-Security-and-Privacy-Guide for hardening (I haven't compared this to other hardening guides, but doing something is better than nothing)
The Rogue Access Point Framework
Project mention: Is there such a thing as a long range wifi adapter? | reddit.com/r/HomeNetworking | 2022-03-25
Exploitation Framework for Embedded Devices
Project mention: Is there a way to gain a router's webpage password and username? | reddit.com/r/hacking | 2022-11-26
Web path scanner
Project mention: dirsearch - release v0.4.3 - crawling supported | reddit.com/r/netsec | 2022-10-05
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
Project mention: Linux: software: auto detect digital modulation type. | reddit.com/r/sdr | 2022-11-15
Tried tool https://github.com/jopohl/urh and it does not get too much information. I am expecting to find something similar to wireshark - it can detect protocols in traffic and highlight different kinds of fields in packet headers.
A free & open modern, fast email client with user-friendly encryption and privacy features
Project mention: My slow progression towards and away from NextCloud | reddit.com/r/selfhosted | 2022-11-12
Have a look at mailpile if you are after a web interface; or, the ever-dependable Thunderbird if you are fine with a desktop application.
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Project mention: packet-rs - A Scapy like rust packet interface | reddit.com/r/rust | 2022-11-25
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
Project mention: How to block website? | reddit.com/r/linuxquestions | 2022-11-26
Daemon to ban hosts that cause multiple authentication errors
Project mention: SSHGuard | news.ycombinator.com | 2022-11-26
People tracker on the Internet: OSINT analysis and research tool by Jose Pino
Project mention: ILPT Request: how do I track a phone... | reddit.com/r/IllegalLifeProTips | 2022-11-24
Generic Signature Format for SIEM Systems
Project mention: How Falcon OverWatch Hunts for Out-of-Band Application Security Testing | reddit.com/r/crowdstrike | 2022-11-04
If anyone wants to build out their own detections for this kind of activity, this Sigma rule lists the most common domains used for this activity: https://github.com/SigmaHQ/sigma/blob/master/rules/network/dns/net_dns_external_service_interaction_domains.yml
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
Project mention: Go Library like PyWhat? | reddit.com/r/golang | 2022-10-20
Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!
📱 objection - runtime mobile exploration
Project mention: Prerequisites for reverse engineering? | reddit.com/r/hacking | 2022-10-11
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Project mention: Attack simulation tool based on CVE | reddit.com/r/redteamsec | 2022-10-06
Nmap can run scripts that trigger NIPS, as does Nuclei. https://nmap.org/ & https://github.com/projectdiscovery/nuclei you can look at a list of vuln scanners here. https://owasp.org/www-community/Vulnerability_Scanning_Tools. Nessus would be a common one to look at for Enterprise. Rapid 7, Qualys.
Multi-Cloud Security Auditing Tool
Project mention: Scanning for AWS Security Issues with Trivy | news.ycombinator.com | 2022-08-16
Scalable fuzzing infrastructure.
Project mention: An ex-Googler's guide to dev tools | news.ycombinator.com | 2022-07-17
Then it is clear that the behavior of this for loop is either not important or not being tested. This could mean that the tests that you do have are not useful and can be deleted.
> For most non-trivial software the possible state-space is enormous and we generally don't/can't test all of it. So "not testing the (full) behaviour of your application is the default for any test strategy", if we could we wouldn't have bugs... Last I checked most software (including Google's) has plenty of bugs.
I have also used (setup, fixed findings) using https://google.github.io/clusterfuzz/ which uses coverage + properties to find bugs in the way C++ code handles pointers and other things.
> The next question would be let's say I spend my time writing the tests to resolve this (could be a lot of work) is that time better spent vs. other things I could be doing? (i.e. what's the ROI)
That is something that will depend largely on the team and the code you are on. If you are in experimental code that isn't in production, is there value to this? Likely not. If you are writing code that if it fails to parse some data correctly you'll have a huge headache trying to fix it? Likely yes.
The SRE workbook goes over making these calculations.
> Even ignoring that is there data to support that the quality of software where mutation testing was added improved measurably (e.g. fewer bugs filed against the deployed product, better uptime, etc?)
I know that there are studies that show that tests reduce bugs but I do not know of studies that say that higher test coverage reduces bugs.
The goal of mutation testing isn't to drive up coverage though. It is to find out what cases are not being exercised and evaluating if they will cause a problem. For example mutation testing tools have picked up cases like this:
if (debug) print("Got here!");
Python Security related posts
2 projects | news.ycombinator.com | 26 Nov 2022
Is there a way to gain a router's webpage password and username?
1 project | reddit.com/r/hacking | 26 Nov 2022
Show HN: Analyze the behavior of OSS for malicious intent
1 project | news.ycombinator.com | 24 Nov 2022
Analyze the behavior of OSS for malicious intent
2 projects | reddit.com/r/netsec | 23 Nov 2022
Firewall is disabled by default in KDE neon, is that normal?
1 project | reddit.com/r/kde | 22 Nov 2022
Release 0.3 External Pull Request
2 projects | dev.to | 22 Nov 2022
App for iOS for network traffic dump?
1 project | reddit.com/r/de_EDV | 22 Nov 2022
What are some of the best open-source Security projects in Python? This list will help you: