Python Vulnerability

Open-source Python projects categorized as Vulnerability

Top 23 Python Vulnerability Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Becoming a security researcher. Help with a realistic timeline? | reddit.com/r/AskNetsec | 2023-05-17

    - https://github.com/swisskyrepo/PayloadsAllTheThings
    - https://book.hacktricks.xyz/welcome/readme

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

    Project mention: Penetration Testing Report | reddit.com/r/Pentesting | 2022-12-20

    or you can also use our open source version: https://github.com/infobyte/faraday

  • VulnWhisperer

    Create actionable data from your Vulnerability Scans

  • osv.dev

    Open source vulnerability DB and triage service.

    Project mention: Pyscan: A command-line tool to detect security issues in your python dependencies. | reddit.com/r/Python | 2023-05-17

    https://osv.dev it's open source and even has a free API with almost all the popular languages. One of the inspirations for my project.

  • SIET

    Smart Install Exploitation Tool

    Project mention: seg fault when running with script | reddit.com/r/nmap | 2022-09-20

    I'm having a similar problem. I'm running the cisco-siet.nse included in https://github.com/frostbits-security/SIET.git. Other nmap (non-script) commands seem to complete as well and simply say segmentation fault at the end. I can provide more information. I'm not sure what would be helpful, this is beyond my scope of knowledge.

  • packj

    Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

    Project mention: How to use Podman inside of a container | news.ycombinator.com | 2023-04-26

    I built Packj [1] sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.

    1. https://github.com/ossillate-inc/packj

  • Telegram-Trilateration

    Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location

  • vulnerablecode

    A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

    Project mention: SBOM with VulnerableCode.io | dev.to | 2022-11-15

    $ git clone https://github.com/nexB/vulnerablecode.git
    $ cd vulnerablecode
    $ make envfile
    $ docker-compose build

  • vulnix

    Vulnerability (CVE) scanner for Nix/NixOS.

    Project mention: Is NixOS a thing? | reddit.com/r/devops | 2022-11-09

    it is very easy to scan your entire dependency tree for known vulnerabilities for Nix, all the way up to a whole OS

  • phpvuln

    🕸️ Audit tool to find common vulnerabilities in PHP source code

  • cyberowl

    A daily updated summary of the most frequent types of security incidents currently being reported from different sources.

    Project mention: Promote your business, week of May 15, 2023 | reddit.com/r/smallbusiness | 2023-05-15

  • PoC-CVE-2022-30190

    POC CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina

    Project mention: Zero-Click MS Office RCE Proof of Concept (MSDT Follina) | news.ycombinator.com | 2022-06-01

  • dheater

    D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

  • gvm-tools

    Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

    Project mention: Help propose modification to function | reddit.com/r/Python | 2022-11-24

    Greenbone vulnerability scanner. Script to create scan targets from a file with list of hosts (link to script)

  • ShellShockHunter

    A simple tool for testing the Shellshock vulnerability

  • turing-machine

    A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)

  • nsa-codebreaker-2020

    My solutions to the 2020 NSA Codebreaker Challenge

  • bitcoin-recover-privkey

    Proof of concept of bitcoin private key recovery using weak ECDSA signatures

    Project mention: Are old wallet addresses reusable even if the address changes after a while? | reddit.com/r/BitcoinBeginners | 2022-07-16

  • nvdlib

    A simple wrapper for the National Vulnerability CVE/CPE API

  • dp_cryptomg

    Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler.

    Project mention: Telerik Revist - New Exploit Tool | reddit.com/r/netsec | 2022-10-19

  • OrgASM

    A tool for Organized ASM (Attack Surface Mapper). Subdomains enumeration, IPs scans, Vulnerability assessment...

    Project mention: New Attack Surface Discovery tool : OrgASM | reddit.com/r/cybersecurity | 2023-05-31

  • wpsec-cli

    WPSec command line tool

    Project mention: How to test security of my website | reddit.com/r/web_design | 2023-04-16

    wpsec

  • Heartbleed

    Heartbleed vulnerability exploited 🩸

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-31.

Index

What are some of the best open-source Vulnerability projects in Python? This list will help you:

# Project Stars
1 PayloadsAllTheThings 47,941
2 faraday 3,950
3 VulnWhisperer 1,300
4 osv.dev 1,126
5 SIET 527
6 packj 518
7 Telegram-Trilateration 485
8 vulnerablecode 338
9 vulnix 307
10 phpvuln 275
11 cyberowl 219
12 PoC-CVE-2022-30190 147
13 dheater 145
14 gvm-tools 143
15 ShellShockHunter 91
16 turing-machine 74
17 nsa-codebreaker-2020 71
18 bitcoin-recover-privkey 63
19 nvdlib 46
20 dp_cryptomg 38
21 OrgASM 8
22 wpsec-cli 8
23 Heartbleed 6