Top 23 Python security-tool Projects
-
scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
-
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
-
rengine
reNgine is an automated reconnaissance framework for web applications. It focuses on a highly configurable, streamlined recon process built from Engines, on correlating and organizing recon data, on continuous monitoring backed by a database, and on a simple yet intuitive user interface. reNgine lets penetration testers gather reconnaissance with minimal configuration, and its correlation features make recon effortless.
-
pocsuite3
pocsuite3 is an open-source remote vulnerability testing framework developed by the Knownsec 404 Team.
-
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
-
evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
-
inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
-
requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10
Now some things you need to think about: - cloud init - this will need to be secure so lock it down hard, anything not needed; an alternative OS to look at if you have the abilities is https://www.alpinelinux.org/; also, as these devices are not that powerful, every extra agent / abstraction layer you add impacts performance, so you need to look at low-overhead security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login
Example Network Scanner Scapy
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04
Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21
I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
-
bandit
Bandit is a tool designed to find common security issues in Python code. It was developed by the OpenStack Security Project and is a great addition to any serious Python project.
Project mention: [GitHub Action]: Wrappers for sqlmap, bbot and nikto | /r/cybersecurity | 2023-05-29
It's not so much a tool as wrappers for a few awesome tools that most of you probably know and use today: sqlmap, bbot and nikto.
Project mention: Launch HN: Slauth (YC S22) – auto-generate secure IAM policies for AWS and GCP | news.ycombinator.com | 2023-12-04
Why are you using (very expensive) GPT, or any LLM for that matter, when this was already a solved problem using rulesets? Netflix for example has open source that does this already: https://github.com/Netflix/consoleme
Instead of analyzing your code, you just run your code with no permissions and it automatically detects permission failures and then opens those permissions, with a UI showing you what it did so you can remove any permissions you don't want.
That actually seems much more secure than trying to divine the rules from reading the code.
What value is the LLM adding here?
Project mention: Chipsec: Platform Security Assessment Framework | news.ycombinator.com | 2023-12-01
Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15
Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?
https://github.com/google/osv.dev/blob/master/README.md#usin... :
> We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.
Might as well be heating a pool on the roof with all of this waste heat from hashing binaries built from code of unknown static and dynamic quality.
Add'l useful formats:
> Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories
There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165
Python security-tools related posts
- Horus: An OSINT / digital forensics tool built in Python (formerly 'Sentinel')
- Show HN: Horus – An OSINT / digital forensics tool built in Python
- Tracking Snoop Dogg's $4M Crypto Wallet with My New Open Source Tool!
- New host intrusion detection system Impulse
- The easiest way to setup security monitoring for your VPS server or cloud VMs
- Randcrack – predict Python's random module random generated values
- Enhance your python code security using bandit
A note from our sponsor - WorkOS
workos.com | 26 Apr 2024
Index
What are some of the best open-source security-tool projects in Python? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | spiderfoot | 11,723 |
2 | Fail2Ban | 10,423 |
3 | scapy | 10,028 |
4 | prowler | 9,547 |
5 | rengine | 6,685 |
6 | monkey | 6,483 |
7 | bandit | 5,989 |
8 | AutoSploit | 4,918 |
9 | bbot | 3,506 |
10 | pocsuite3 | 3,496 |
11 | IntelOwl | 3,103 |
12 | consoleme | 3,065 |
13 | chipsec | 2,827 |
14 | TorBot | 2,599 |
15 | Reconnoitre | 2,065 |
16 | rapidscan | 1,650 |
17 | opencve | 1,618 |
18 | evillimiter | 1,478 |
19 | inql | 1,460 |
20 | osv.dev | 1,403 |
21 | dronesploit | 1,353 |
22 | requests-ip-rotator | 1,227 |
23 | ssh-mitm | 1,219 |