Top 23 Python Security Projects

Security

• Add a project

1. PayloadsAllTheThings

   1 37 78,176 8.6 Python

   A list of useful payloads and bypass for Web Application Security and Pentest/CTF

   

   Project mention: Irish-Name-Repo 2 - picoCTF '19 (web) | dev.to | 2025-09-06

   if you've never worked on SQL injection that's fine there is a PWNSOME REPOSITORY(get it? pwn + awesome) called[ Payload All The Things (https://github.com/swisskyrepo/PayloadsAllTheThings) it has different payloads for different web vulnerabilities.

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. mitmproxy

   2 172 43,808 9.5 Python

   An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

   

   Project mention: How to audit what your IDE extension actually sends to the cloud | dev.to | 2026-05-22

   mitmproxy is the gold standard here. It's free, open source, and Python-scriptable.

4. quivr

   3 24 39,171 9.1 Python

   Opiniated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Anyway you want.

   

5. SQLMap

   4 46 37,563 9.5 Python

   Automatic SQL injection and database takeover tool

   

   Project mention: 🛡️ Examining the Database in SQL Injection Attacks | dev.to | 2025-06-14

   SQLMap Project

6. CheatSheetSeries

   5 56 32,169 9.3 Python

   The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

   

   Project mention: CSRF Protection Without Tokens or Hidden Form Fields | news.ycombinator.com | 2025-12-22

   Again, the maintainer eventually came around.

   Our confusion might be due to the fact that an erroneous PR (by seemingly an AI-wielding student...) was somehow recently accepted that completely reverted the changes we collectively worked on, which effectively made Fetch Metadata a full solution. So, it is back to showing as defense in depth. I've raised an issue about it, which wouldn't have happened if I didn't see your article!

   Here's the previous language:

   > If your software targets only modern browsers, you may rely on [Fetch Metadata headers](#fetch-metadata-headers) together with the fallback options described below to block cross-site state-changing requests

   We then detailed some fallbacks (eg Origin header). Full text can be viewed in the original PR

   https://github.com/OWASP/CheatSheetSeries/pull/1875

   or

   https://github.com/OWASP/CheatSheetSeries/blob/7fc3e6b8fde65...

7. hosts

   6 323 30,496 9.5 Python

   🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

   

   Project mention: I made my phone slow on purpose | news.ycombinator.com | 2026-06-01

   For those who don't use it already, the following is a great compilation of curated block lists you can put into your etc/hosts file to block traffic :)

   https://github.com/StevenBlack/hosts

8. algo

   7 159 30,256 9.3 Python

   Set up a personal VPN in the cloud

   

   Project mention: AlgoVPN 2.0 Release | news.ycombinator.com | 2025-08-23

9. macOS-Security-and-Privacy-Guide

   8 25 22,426 7.0 Python

   Community guide to securing and improving privacy on macOS.

   

10. DB-GPT

    9 11 18,912 8.7 Python

    open-source agentic AI data assistant for the next generation of AI + Data products.

    

    Project mention: Launch HN: Gecko Security (YC F24) – AI That Finds Vulnerabilities in Code | news.ycombinator.com | 2025-08-01

    Yes, that's exactly what we do. Some examples: https://github.com/eosphoros-ai/DB-GPT/pull/2650, https://github.com/dagster-io/dagster/pull/30002

    We just need to follow responsible disclosure first by notifying the maintainers, working with them on a fix, and making it public once it is resolved.

11. Fail2Ban

    10 59 17,924 8.0 Python

    Daemon to ban hosts that cause multiple authentication errors

    

    Project mention: UFW, fail2ban, and Banning Repeat Offenders | dev.to | 2026-03-23

    UFW blocks ports. fail2ban blocks behavior. Together they form your server's intrusion response layer — UFW narrows the attack surface, fail2ban watches the traffic that gets through and bans the IPs that misbehave.

12. wifiphisher

    11 5 14,559 2.1 Python

    The Rogue Access Point Framework

    

13. dirsearch

    12 12 14,328 7.5 Python

    Web path scanner

    

14. Anthropic-Cybersecurity-Skills

    13 5 14,293 7.0 Python

    754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

    

    Project mention: Claude for Small Business: 382K Day-One Buyer's Guide | dev.to | 2026-05-25

    The GitHub Trending board today corroborates this. Of the top fifteen repos, at least four are explicitly Skills-targeted: multica-ai/andrej-karpathy-skills (154K stars), affaan-m/ECC (192K stars), mukul975/Anthropic-Cybersecurity-Skills (9K), and the broader multica-ai/multica managed-agents platform.

15. prowler

    14 30 13,949 9.9 Python

    Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

    

    Project mention: CIS AWS v3.0 in 60 Seconds: Automate Compliance with Terraform | dev.to | 2026-03-27

    And you're probably guessing that I'm not the first person to have the idea - we need to automate this. AWS Security Hub maps 37 controls. Prowler all of them. However, none of them answer the question of how to fix them (at least not by copy-pasting).

16. opensnitch

    15 231 13,713 9.6 Python

    OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

    

    Project mention: GitHub is investigating unauthorized access to their internal repositories | news.ycombinator.com | 2026-05-19

    the pop-ups fatigue is already an issue, and not an easy one to solve. Pretty much like SIEM/SOC alerts.

    > The trick is to infect a plugin that has a legitimate reason for accessing the internet or running certain commands, and then coming up with ways to abuse that to exfiltrate the data. Or exfiltrating via DNS queries, or some other vector that isn't so obvious as "allow TCP/UDP connections to the whole world".

    They'll get there, maybe. But the reality is that right now, everyone allows outbound requests blindly.

    Instead of speculating, I suggest to actually investigate current IOCs and common tactics of malicious npm/pip/plugins/VS extensions. Something like this:

    https://github.com/evilsocket/opensnitch/discussions/1119

    Or use OpenSnitch (or Lulu, Glasswire, ZoneAlarm anyone?:D etc) to actually analyze real VS malicious extensions or npm packages and see if it stops the exfiltration, and if not, suggest ways to improve it. For example:

    https://markdownpastebin.com/?id=9c294c75f09349d2977a4ccd250...

17. awesome-web-security

    16 3 13,437 2.3 Python

    🐶 A curated list of Web Security materials and resources.

    

18. routersploit

    17 11 13,138 3.4 Python

    Exploitation Framework for Embedded Devices

    

19. mvt

    18 92 12,461 8.2 Python

    MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

    

20. scapy

    19 29 12,338 8.9 Python

    Scapy: the Python-based interactive packet manipulation program & library.

    

    Project mention: Network Scanning with Python: ARP, Port, and DNS Scanner | dev.to | 2025-10-18

    Network security and reconnaissance are essential skills for cybersecurity professionals. In this blog post, we will build a Python-based network scanner that performs ARP scanning, port scanning, and DNS resolution using the scapy, socket, dns.resolver, and threading libraries. We will also use rich for better console output.

21. BunkerWeb

    20 25 10,572 9.9 Python

    🛡️ Open-source and cloud-native Web Application Firewall (WAF)

    

    Project mention: Show HN: BunkerWeb – open-source and cloud-native WAF/WAAP | news.ycombinator.com | 2026-01-12

22. sigma

    21 44 10,511 9.8 Python

    Main Sigma Rule Repository

    

    Project mention: Building a Threat Hunting Pipeline with Python and Jupyter | dev.to | 2026-04-27

    Notebooks are for exploration and documentation. When a hunt hypothesis proves reliable, translate the logic into a production detection. Sigma is the right destination for detection logic that needs to run continuously, that others need to maintain, or that needs to deploy across different SIEM platforms. The notebook is where you prove the hypothesis works; Sigma or your SIEM's detection language is where it runs in production.

23. frappe

    22 5 10,179 10.0 Python

    Low code web framework for real world applications, in Python and Javascript

    

24. objection

    23 19 9,160 6.5 Python

    📱 objection - runtime mobile exploration

    

    Project mention: Wanted to spy on my dog, ended up spying on TP-Link | news.ycombinator.com | 2025-09-15

Python Security related posts

• Anthropic's open-source framework for AI-powered vulnerability discovery

  7 projects | news.ycombinator.com | 4 Jun 2026

• Why traditional DAST misses your API vulnerabilities (and how to fix it in CI/CD)

  2 projects | dev.to | 1 Jun 2026

• Packj flags malicious/risky open-source packages

  1 project | news.ycombinator.com | 22 May 2026

• How to audit what your IDE extension actually sends to the cloud

  1 project | dev.to | 22 May 2026

• How to Stop Leaking AWS Keys to GitHub (And What to Do When You Already Did)

  2 projects | dev.to | 20 May 2026

• AI Is Breaking Two Vulnerability Cultures — And Vibe Coders Are About to Get Caught in the Middle

  2 projects | dev.to | 8 May 2026

• I built an open-source CLI that scores any site for AI-agent readiness (0-100)

  4 projects | dev.to | 7 May 2026
• A note from our sponsor - SaaSHub
  www.saashub.com | 6 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!