Python security-audit

Open-source Python projects categorized as security-audit

Top 13 Python security-audit Projects

  • GitHub repo faraday

    Collaborative Penetration Test and Vulnerability Management Platform (by infobyte)

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.

  • GitHub repo Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  • GitHub repo github-dorks

    Find leaked secrets via github search

    Project mention: techgaun/github-dorks - Find leaked secrets via github search | reddit.com/r/GithubSecurityTools | 2021-02-19

  • GitHub repo inql

    InQL - A Burp Extension for GraphQL Security Testing

    Project mention: doyensec/inql - InQL - A Burp Extension for GraphQL Security Testing | reddit.com/r/GithubSecurityTools | 2021-01-29

  • GitHub repo kubestriker

    A Blazing fast Security Auditing tool for Kubernetes

    Project mention: Top 200 Kubernetes Tools for DevOps Engineer Like You | dev.to | 2022-01-15

    TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
    klum - Kubernetes Lazy User Manager
    Kyverno - Kubernetes Native Policy Management https://kyverno.io
    kiosk - Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning
    kube-bench - CIS Kubernetes Benchmark tool
    kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters
    kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes
    starboard - Kubernetes-native security toolkit
    Simulator - Kubernetes Security Training Platform - Focussing on security mitigation
    RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com
    Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls
    Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster
    Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs
    Chartsec - Helm Chart security scanner
    kubestriker - Security Auditing tool
    Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies
    Krane - Kubernetes RBAC static Analysis & visualisation tool
    Falco - The Falco Project - Cloud-Native runtime security
    Clair - Vulnerability Static Analysis for Containers
    Anchore Cli - Command Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries
    Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control
    Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®

  • GitHub repo ssh-mitm

    ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation (by ssh-mitm)

    Project mention: ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation | reddit.com/r/programming | 2021-12-01

  • GitHub repo habu

    Hacking Toolkit

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.

  • GitHub repo enum4linux-ng

    A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

    Project mention: Enum4linux on a raspberry pi 4 with raspbian | reddit.com/r/hacking | 2021-12-02

    I would recommend https://github.com/cddmp/enum4linux-ng instead.

  • GitHub repo pip-audit

    Audits Python environments and dependency trees for known vulnerabilities

    Project mention: Pre-commit: framework for managing/maintaining multi-language pre-commit hooks | news.ycombinator.com | 2021-12-20

    This is why I stuff everything into a top-level Makefile with `.PHONY` rules instead. Nearly every developer knows how to invoke `make` and already has tab completion for `make` rules, to boot.

    For example: https://github.com/trailofbits/pip-audit/blob/main/Makefile

  • GitHub repo kcare-uchecker

    A simple tool to detect outdated shared libraries

    Project mention: cloudlinux / kcare-uchecker | reddit.com/r/AlmaLinux | 2021-06-17

    Piping into python is a convenience and provides a nice one-liner you can integrate into scanners like nagios or nessus. You can freely check the source both of what you download and what is at the github repository for it: https://github.com/cloudlinux/kcare-uchecker

  • GitHub repo aura

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

    Project mention: A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI | news.ycombinator.com | 2021-07-30

    I've done extensive research in this area and looked at existing tools, including bandit, to scan the whole PyPI repository and monitor what is being uploaded there. The conclusion was that most of the tools are not up for this task, so I made a new framework from scratch that is specially designed for this purpose, to scan the whole PyPI repository. It's called Aura: https://github.com/SourceCode-AI/aura

  • GitHub repo pyrcrack

    Python Aircrack-ng bindings

  • GitHub repo onionnux

    Onionnux is an onionsite (DEEPNET/DARKNET) tool. It can help to identify whether an onionsite is active or the onionsite server name.

    Project mention: #Onionnux: Onionsite (DEEPNET/DARKNET) tool to identify whether a .onion site is active or the server name | reddit.com/r/u_esgeeks | 2021-03-15

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-15.

Index

What are some of the best open-source security-audit projects in Python? This list will help you:

#    Project          Stars
1    faraday          3,222
2    Reconnoitre      1,828
3    github-dorks     1,709
4    inql             887
5    kubestriker      873
6    ssh-mitm         736
7    habu             721
8    enum4linux-ng    521
9    pip-audit        359
10   kcare-uchecker   174
11   aura             68
12   pyrcrack         61
13   onionnux         14