Top 20 Python security-automation Projects

• monkey

  5 6,483 10.0 Python

  Infection Monkey - An open-source adversary emulation platform

  

Project mention: Security Audit Scan | /r/msp | 2023-06-14

• caldera

  16 5,175 9.2 Python

  Automated Adversary Emulation Platform

  

Project mention: SOC Malware/Detection lab | /r/cybersecurity | 2023-07-03

Also, for the attack emulation part you might be interested in CALDERA.

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• faraday

  8 4,600 5.0 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

• Astra

  2 2,424 0.0 Python

  Automated Security Testing For REST API's

  

• fixinventory

  38 1,533 9.6 Python

  Fix Inventory consolidates user, resource, and configuration data from your cloud environments into a unified, graph-based asset inventory.

  

Project mention: Show HN: Fix – An open source cloud asset inventory for cloud security engineers | news.ycombinator.com | 2024-03-27

The reasoning is explained in the very section of our Github org README you quoted this sentence from. Our main open source project is Fix Inventory (https://github.com/someengineering/fixinventory) and that is very well documented (https://inventory.fix.security) and uses no commercial 3rd party libraries.

The Fix SaaS frontend that you're referring to and that you find at https://fix.security builds upon Fix Inventory. We could have just made it closed-source like every other SaaS (think Grafana Cloud). But because I'm a big proponent of OSS we decided to open source our entire SaaS stack, frontend, backend as well as all internal tooling. The main intend here is transparency, not so you spin up your own SaaS environment.

Essentially we develop the SaaS for ourselves first and foremost, but saw no reason to make it closed source. So that is why it might be using any number of commercial 3rd party add-ons.

> I'm curious to know what Material UI provided that any other open-source UI library did not.

I believe it was some MUI X table features like multi row sorting that we didn't feel like re-implementing. I'm sure there's other open source libs that would do that, but we've settled on MUI and are not going to start mixing different UI libraries for different visual elements if we don't absolutely have to.

• Sooty

  1 1,282 0.0 Python

  The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

• FACT_core

  2 1,156 9.1 Python

  Firmware Analysis and Comparison Tool

  

Project mention: Diving into Starlink's User Terminal Firmware | news.ycombinator.com | 2023-08-29

I was part of a project that did some analysis of OpenWRT firmware at scale. It was a lot of fun. The firmware is ( obviously ) publicly available. If you're interested in finding some cool results, you should try out FACT:

https://github.com/fkie-cad/FACT_core

It's a super neat tool that does lots of interesting things.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• cve-bin-tool

  10 1,061 9.8 Python

  The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

  

Project mention: FLaNK Stack Weekly 19 Feb 2024 | dev.to | 2024-02-19

• APTRS

  5 770 5.0 Python

  Automated Penetration Testing Reporting System

  

• trailscraper

  6 762 8.9 Python

  A command-line tool to get valuable information out of AWS CloudTrail

• turbinia

  1 711 9.0 Python

  Automation and Scaling of Digital Forensics Tools

  

Project mention: Log2Timeline -> Timesketch | /r/computerforensics | 2023-05-16

You want Turbinia and DFTimewolf. Literally the tools built by the DF team at Google (the same team that makes L2T) purpose-built to do exactly what you're asking.

• betterscan-ce

  34 683 7.3 Python

  Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

• theo

  2 338 0.0 Python

  Ethereum recon and exploitation tool. (by cleanunicorn)

• embark

  5 291 9.4 Python

  EMBArk - The firmware security scanning environment (by e-m-b-a)

  

• kestrel-lang

  1 273 9.6 Python

  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

  

• xssmap

  1 139 10.0 Python

  Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

  

Project mention: Docker explained for pentesters | dev.to | 2023-11-29

Let's take a look at an example. We assume that we want to create an environment to automate several tools, including xira. The contents of the directory holding our scripts:

• flake8-bandit

  3 111 0.0 Python

  Automated security testing using bandit and flake8.

• faraday_plugins

  1 45 8.4 Python

  Security tools report parsers for Faradaysec.com

  

• CyberSecurityAuditScript

  3 9 4.0 Python

  Security audit script decreases info gathering from average of 5 minutes, to 20 seconds, and returns everything into a textfile.

• autowpscan

  1 2 4.3 Python

  Assistant work tool for wpscan.

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python security-automation related posts

• Diving into Starlink's User Terminal Firmware
  1 project | news.ycombinator.com | 29 Aug 2023
• SOC Malware/Detection lab
  2 projects | /r/cybersecurity | 3 Jul 2023
• Security Audit Scan
  1 project | /r/msp | 14 Jun 2023
• Automated penetration testing software?
  2 projects | /r/AskNetsec | 16 May 2023
• Kaseya Acquired Vonahi Security
  2 projects | /r/msp | 25 Apr 2023
• Endpoint Attack Simulation
  1 project | /r/cybersecurity | 24 Feb 2023
• Do you know the Mitre tool "Caldera"? How can I build a plugin for it?
  1 project | /r/blueteamsec | 4 Nov 2022
• A note from our sponsor - WorkOS
  workos.com | 25 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!