Python Security

Open-source Python projects categorized as Security

Top 23 Python Security Projects

  • GitHub repo PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: YAML: It's Time to Move On | news.ycombinator.com | 2021-11-14

    Not exactly an incompatibility, but my mind jumped to issues like this: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/mas...

  • GitHub repo mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: Tunneling/forwarding TCP traffic for analysis | reddit.com/r/de_EDV | 2021-11-24

    Sounds like mitmproxy.

  • GitHub repo algo

    Set up a personal VPN in the cloud

    Project mention: It's Hard to Say Who's Winning the Streaming Wars, but Customers Are Losing | news.ycombinator.com | 2021-11-19

    If you don't want to trust or pay for a VPN, set up your own:

    https://github.com/trailofbits/algo

  • GitHub repo SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: Security service that protects from SQLi had critical SQLi vulnerability | news.ycombinator.com | 2021-11-26

    Yes, that's one way to extract data by (ab)using a blind SQL injection vulnerability.

    If you look at sqlmap [1], they offer two techniques for blind SQL injection: boolean-based and time-based. Boolean-based should be used when the app just returns an error page (or not) based on your SQL injection. The time-based approach should be used when no error page appears but the SQL is still executed.

    But when I look at sqlmap docs for the time-based approach [2] I think I got the initial explanation wrong. It will do a 5 second delay if a certain condition is met, e.g. "Is the first character of the value a 'T'? If yes, wait 5 seconds; if not, return immediately". And then send hundreds of requests in parallel to iterate over all positions & possible characters.

    [1] https://github.com/sqlmapproject/sqlmap/wiki/Usage#sql-injec...

  • GitHub repo hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: Tried out CoreDNS - just 14 lines | reddit.com/r/homelab | 2021-11-28

    Today I tried out CoreDNS for my homelab to replace my 2 node bind9 master-slave cluster, and I am excited so far: Took me 1 hr and 14 lines of config to get it running and serving all queries in our house. Copied my zone files from bind and added a hosts file from https://github.com/StevenBlack/hosts, work done. Plugin structure and speed are also nice.

  • GitHub repo CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: Is django login system safe enough? | reddit.com/r/django | 2021-11-08

    There is a lot more related with application security, but that should be subject to a whole other topic. If you want to dive a little deeper, I suggest starting with the OWASP Cheat Sheet series: https://cheatsheetseries.owasp.org/

  • GitHub repo macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

    Project mention: Homebrew Package Manager Harden Script | reddit.com/r/netsec | 2021-11-07

    Hardening is based off of several guides such as drduh hardening guide.

  • GitHub repo wifiphisher

    The Rogue Access Point Framework

    Project mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10

    You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi asking you for the password while deauthenticating the original hotspot.

  • GitHub repo routersploit

    Exploitation Framework for Embedded Devices

    Project mention: How to gain root access to my Modem/Router | reddit.com/r/hacking | 2021-11-08

    Run https://github.com/threat9/routersploit against it

  • GitHub repo Mailpile

    A free & open modern, fast email client with user-friendly encryption and privacy features

    Project mention: All self-hosted email client options are ugly! | reddit.com/r/selfhosted | 2021-09-25

    Mailpile supports theming. https://github.com/mailpile/Mailpile/wiki/Themes

  • GitHub repo urh

    Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

    Project mention: Hey guys does anyone recognize this software, I had it on my laptop but then I sold my laptop and forgot to save the name | reddit.com/r/sdr | 2021-11-22

  • GitHub repo dirsearch

    Web path scanner

    Project mention: Release dirsearch v0.4.2 - Web Path Scanner | reddit.com/r/netsec | 2021-09-12

  • GitHub repo scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

    Project mention: Scapy | reddit.com/r/ITProTuesday | 2021-11-19

    Scapy is a powerful, interactive Python2/3 packet-manipulation program that can forge or decode packets for a wide array of protocols, send & capture them, match requests with replies and more. Easily handles tasks like scanning, tracerouting, probing, unit tests, attacks and network discovery so it can replace hping, most of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc. Also performs specific tasks most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames and combining techniques. Our thanks for this suggestion go to lazyjk.

  • GitHub repo trape

    People tracker on the Internet: OSINT analysis and research tool by Jose Pino

    Project mention: Using Pi4 running Bettercap as a honeypot to catch a legit stalker | reddit.com/r/HowToHack | 2021-10-23

  • GitHub repo Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    Project mention: Was my raspberry hacked? | reddit.com/r/linuxadmin | 2021-10-29

    If you are worried about hacking attempts, installing fail2ban will help.

  • GitHub repo opensnitch

    OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

    Project mention: The Privacy, Security, & OSINT Show: Announcement: Listener Questions Show | reddit.com/r/PrivacySecurityOSINT | 2021-11-12

  • GitHub repo OnionShare

    Securely and anonymously share files, host websites, and chat with friends using the Tor network

    Project mention: Living Without Work: Survival Resources & Guide for the Capitalist World | reddit.com/r/antiwork | 2021-11-16

    If you want to connect directly to people you've met in-person, onionshare can be an excellent way to do that in a secure manner. It's a software that allows you to have chatrooms, fileshares, and even host static websites, in ways that leave you anonymous. It's available on https://onionshare.org/, and viewing the pages it creates requires using the onion browser, available on the app store, google play store, fdroid, and https://www.torproject.org/download/.

  • GitHub repo pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

    Project mention: Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide] | news.ycombinator.com | 2021-11-12

  • GitHub repo AutoSploit

    Automated Mass Exploiter

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.

  • GitHub repo sigma

    Generic Signature Format for SIEM Systems

    Project mention: SIEM Test Cases | reddit.com/r/cybersecurity | 2021-10-19

    SIGMA SOCPrime Sigma Sigma Translator Elastic Rules Splunk Rules ThreatHunter Playbook iRedTeam Lolbas Atomic Red Team

  • GitHub repo objection

    📱 objection - runtime mobile exploration

    Project mention: Awesome CTF : Top Learning Resource Labs | reddit.com/r/TutorialBoy | 2021-11-13

    Objection - Runtime Mobile Exploration.

  • GitHub repo maltrail

    Malicious traffic detection system

    Project mention: How do you run self-hosted software? | reddit.com/r/selfhosted | 2021-02-15

    last docker discovery : maltrail (https://github.com/stamparm/maltrail , about to be moved from VM to docker)

  • GitHub repo cowrie

    Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

    Project mention: Honeypot server | reddit.com/r/cybersecurity | 2021-11-24

    I set up one of these a while back: https://github.com/cowrie/cowrie

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-11-28.

Index

What are some of the best open-source Security projects in Python? This list will help you:

Rank Project Stars
1 PayloadsAllTheThings 32,246
2 mitmproxy 25,267
3 algo 24,154
4 SQLMap 21,723
5 hosts 19,190
6 CheatSheetSeries 19,139
7 macOS-Security-and-Privacy-Guide 18,576
8 wifiphisher 10,260
9 routersploit 9,807
10 Mailpile 8,521
11 urh 7,702
12 dirsearch 7,158
13 scapy 6,887
14 trape 6,707
15 Fail2Ban 6,613
16 opensnitch 6,608
17 OnionShare 4,918
18 pyWhat 4,888
19 AutoSploit 4,482
20 sigma 4,333
21 objection 4,331
22 maltrail 4,244
23 cowrie 3,789