Python security-audit

Open-source Python projects categorized as security-audit

Top 23 Python security-audit Projects

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

    Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04

    Which cloud provider?

    https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.

    Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • github-dorks

    Find leaked secrets via GitHub search.

  • Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  • owasp-masvs

    The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

    Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03

    https://github.com/OWASP/owasp-masvs :

    > The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  • inql

    InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  • ssh-mitm

    SSH-MITM - ssh audits made simple (by ssh-mitm)

    Project mention: Terrapin Attack for prefix injection in SSH | news.ycombinator.com | 2023-12-19

    There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165

  • enum4linux-ng

    A next-generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed at security professionals and CTF players.

  • kubestriker

    A blazing-fast security auditing tool for Kubernetes.

  • pip-audit

    Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them.

    Project mention: Smooth Packaging: Flowing from Source to PyPi with GitLab Pipelines | dev.to | 2024-01-18

    Next up is making sure none of the dependencies used throughout the project brings with it any already identified security issue. The makefile target audit invokes the handy tool pip-audit.

  • ElectricEye

    ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks.

  • habu

    Hacking Toolkit

  • dep-scan

    OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

    Project mention: Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone | /r/devsecops | 2023-12-05

    Depscan v5 is the first open-source SCA tool that can perform precision reachability analysis for Java, JavaScript/TypeScript, and Python applications to triage and prioritize the results. We invented an automatic symbols tagger, a lightweight data-flow analyzer, and a static slicer to compute all reachable flows with or without vulnerabilities. We open-sourced all our work, including the specification.

  • betterscan-ce

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

  • packj

    Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain.

    Project mention: Rust Without Crates.io | news.ycombinator.com | 2023-11-14

    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • aura

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

    Project mention: Aura – Python source code auditing and static analysis on a large scale | news.ycombinator.com | 2023-04-10

  • aws-cloudsaga

    AWS CloudSaga - Simulate security events in AWS

  • zap-cli

    A simple tool for interacting with OWASP ZAP from the command line.

  • kcare-uchecker

    A simple tool to detect outdated shared libraries.

  • poro

    Scan publicly accessible assets in your AWS cloud environment.

  • pyrcrack

    Python Aircrack-ng bindings.

  • dummy

    Generator of static files for testing file upload. It can generate the png file of any number of bytes! (by sterrasec)

    Project mention: GitHub - sterrasec/dummy: Generator of static files for testing file upload. It can generate the png file of any number of bytes! | /r/webdev | 2023-10-20

  • Dimorf

    Dimorf is a ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OSes.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-01-18.

Index

What are some of the best open-source security-audit projects in Python? This list will help you:

Project Stars
1 prowler 9,424
2 faraday 4,558
3 github-dorks 2,620
4 Reconnoitre 2,065
5 owasp-masvs 1,924
6 inql 1,439
7 ssh-mitm 1,211
8 enum4linux-ng 991
9 kubestriker 976
10 pip-audit 903
11 ElectricEye 858
12 habu 849
13 dep-scan 676
14 betterscan-ce 672
15 packj 594
16 aura 482
17 aws-cloudsaga 415
18 zap-cli 220
19 kcare-uchecker 183
20 poro 141
21 pyrcrack 113
22 dummy 51
23 Dimorf 50