Top 23 Python security-automation Projects

security-automation

• Add a project

1. xonsh

   1 123 8,771 9.4 Python

   :shell: Python-powered shell. Full-featured and cross-platform.

   

   Project mention: Advanced Shell Scripting with Bash (2006) [pdf] | news.ycombinator.com | 2025-04-17

   (Not sure about the equivalent of shlex.quote, but in the worst case, you can just use "from shlex import quote as q" or something).

   So yes, there are good alternatives to bash - even Python based.

   [0] https://xon.sh/

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. monkey

   2 5 6,794 9.1 Python

   Infection Monkey - An open-source adversary emulation platform

   

4. caldera

   3 16 6,126 8.9 Python

   Automated Adversary Emulation Platform

   

5. faraday

   4 8 5,400 3.3 Python

   Open Source Vulnerability Management Platform (by infobyte)

   

6. Astra

   5 2 2,573 3.4 Python

   Automated Security Testing For REST API's

   

7. fixinventory

   6 39 1,970 9.3 Python

   Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.

   

   Project mention: Defenders think in lists. Attackers think in graphs. So attackers win | news.ycombinator.com | 2024-08-24

   There is also Fix Inventory, which is a graph-based security tool:

   https://github.com/someengineering/fixinventory

   I'm one of the people behind Fix Inventory. What scares a lot of developers away from graph-based tools is the graph query language. It has a steep learning curve, and unless you write queries every day, it's really cumbersome to learn.

   We simplified that with our own search syntax that has all the benefits of the graph, but simplified a few concepts like graph traversal.

8. cve-bin-tool

   7 13 1,414 9.8 Python

   The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

   

   Project mention: My Goals Working On Open Source | dev.to | 2024-12-10

   So far I think I've been doing pretty well. While the scope of my contributions has varied, I've been able to work on a few projects - some larger than others, but all of them being software that people actually use (as opposed to someone's side project): cve-bin-tool, libplanet, ByteChef, Ghostfolio, and Mattermost.

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. Sooty

    8 1 1,395 3.5 Python

    The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

    

11. FACT_core

    9 2 1,330 8.9 Python

    Firmware Analysis and Comparison Tool

    

12. betterscan

    10 34 859 9.8 Python

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

    

13. trailscraper

    11 6 815 9.0 Python

    A command-line tool to get valuable information out of AWS CloudTrail

    

14. turbinia

    12 1 765 8.3 Python

    Automation and Scaling of Digital Forensics Tools

    

15. raven

    13 2 657 5.2 Python

    CI/CD Security Analyzer (by CycodeLabs)

    

16. falconpy

    14 30 406 9.6 Python

    The CrowdStrike Falcon SDK for Python

    

17. theo

    15 2 346 2.5 Python

    Ethereum recon and exploitation tool. (by cleanunicorn)

    

18. embark

    16 5 339 9.3 Python

    EMBArk - The firmware security scanning environment (by e-m-b-a)

    

19. kestrel-lang

    17 1 313 9.7 Python

    Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

    

20. xssmap

    18 1 148 10.0 Python

    Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

    

21. flake8-bandit

    19 3 113 0.0 Python

    Automated security testing using bandit and flake8.

    

22. faraday_plugins

    20 1 53 8.9 Python

    Security tools report parsers for Faradaysec.com

    

23. vulnerability-scan-github-action-for-amazon-inspector

    21 1 39 6.9 Python

    Scan artifacts with Amazon Inspector from GitHub Actions workflows.

    

    Project mention: Securing Your Container Pipeline: Using AWS Inspector with GitHub Actions | dev.to | 2025-03-14

    At its core, the workflow uses the Vulnerability Scan GitHub Action for Amazon Inspector, which integrates with AWS Inspector to perform comprehensive vulnerability scanning on your container images.

24. CyberSecurityAuditScript

    22 3 11 4.0 Python

    Security audit script decreases info gathering from average of 5 minutes, to 20 seconds, and returns everything into a textfile.

    

25. autowpscan

    23 1 1 4.3 Python

    Assistant work tool for wpscan.

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Python security-automation related posts

• Diving into Starlink's User Terminal Firmware

  1 project | news.ycombinator.com | 29 Aug 2023

• SOC Malware/Detection lab

  2 projects | /r/cybersecurity | 3 Jul 2023

• Security Audit Scan

  1 project | /r/msp | 14 Jun 2023

• Automated penetration testing software?

  2 projects | /r/AskNetsec | 16 May 2023

• Kaseya Acquired Vonahi Security

  2 projects | /r/msp | 25 Apr 2023

• Endpoint Attack Simulation

  1 project | /r/cybersecurity | 24 Feb 2023

• Do you know the Mitre tool "Caldera"? How can I build a plugin for it?

  1 project | /r/blueteamsec | 4 Nov 2022
• A note from our sponsor - SaaSHub
  www.saashub.com | 19 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Python projects with our weekly report!