SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Python Vulnerability Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
cve-bin-tool
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
-
betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
-
Telegram-Trilateration
Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location
-
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
-
cyberowl
A daily updated summary of the most frequent types of security advisories currently being reported from different sources.
-
Egyscan
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
-
dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
-
turing-machine
A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?
https://github.com/google/osv.dev/blob/master/README.md#usin... :
> We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.
Might as well be heating a pool on the roof with all of this waste heat from hashing binaries build from code of unknown static and dynamic quality.
Add'l useful formats:
> Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories
Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.
1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.
Python Vulnerability related posts
- Announcing Pyscan: A dependency vulnerability scanner for python projects.
- I launched my first SaaS on ProductHunt and I don't know if I should have
- A tool that aggregates security advisories from multiple sources. You can get them by email!
- I built a tool that aggregates security advisories from multiple sources. You can get them by email!
- Kaseya Acquired Vonahi Security
- Show HN: TypeScript Security Scanner
- Distributed vulnerability database for Open Source
-
A note from our sponsor - SaaSHub
www.saashub.com | 23 Apr 2024
Index
What are some of the best open-source Vulnerability projects in Python? This list will help you:
Project | Stars | |
---|---|---|
1 | PayloadsAllTheThings | 56,681 |
2 | faraday | 4,600 |
3 | osv.dev | 1,403 |
4 | VulnWhisperer | 1,335 |
5 | quark-engine | 1,223 |
6 | cve-bin-tool | 1,061 |
7 | betterscan-ce | 678 |
8 | packj | 613 |
9 | SIET | 556 |
10 | Telegram-Trilateration | 541 |
11 | vulnerablecode | 469 |
12 | vulnix | 394 |
13 | Sekiryu | 346 |
14 | cyberowl | 241 |
15 | Egyscan | 179 |
16 | dheater | 170 |
17 | RVD | 158 |
18 | PoC-CVE-2022-30190 | 156 |
19 | gvm-tools | 153 |
20 | kitsec-core | 137 |
21 | ShellShockHunter | 104 |
22 | SSVC | 103 |
23 | turing-machine | 76 |
Sponsored