Top 23 Python Vulnerability Projects

• PayloadsAllTheThings

  34 56,681 8.6 Python

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

• faraday

  8 4,600 5.0 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• osv.dev

  19 1,403 9.7 Python

  Open source vulnerability DB and triage service.

  

Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15

Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?

https://github.com/google/osv.dev/blob/master/README.md#usin... :

> We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.

Might as well be heating a pool on the roof with all of this waste heat from hashing binaries build from code of unknown static and dynamic quality.

Add'l useful formats:

> Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories

• VulnWhisperer

  1 1,335 0.0 Python

  Create actionable data from your Vulnerability Scans

  

• quark-engine

  1 1,223 8.3 Python

  Dig Vulnerabilities in the BlackBox

  

• cve-bin-tool

  10 1,061 9.8 Python

  The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

  

Project mention: FLaNK Stack Weekly 19 Feb 2024 | dev.to | 2024-02-19

• betterscan-ce

  34 678 7.6 Python

  Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• packj

  38 613 7.2 Python

  Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

  

Project mention: Rust Without Crates.io | news.ycombinator.com | 2023-11-14

Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

• SIET

  2 556 2.6 Python

  Smart Install Exploitation Tool

  

• Telegram-Trilateration

  9 541 0.0 Python

  Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location

• vulnerablecode

  2 469 8.8 Python

  A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

  

• vulnix

  4 394 1.2 Python

  Vulnerability (CVE) scanner for Nix/NixOS.

  

• Sekiryu

  2 346 8.2 Python

  Comprehensive toolkit for Ghidra headless.

• cyberowl

  14 241 6.3 Python

  A daily updated summary of the most frequent types of security advisories currently being reported from different sources.

Project mention: Promote your business, week of May 15, 2023 | /r/smallbusiness | 2023-05-15

• Egyscan

  1 179 8.6 Python

  Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

Project mention: EgyScan Version 2.0 Has Been Released ! | /r/netsec | 2023-07-24

• dheater

  9 170 6.9 Python

  D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)

  

• RVD

  1 158 0.0 Python

  Robot Vulnerability Database. An archive of robot vulnerabilities and bugs. (by aliasrobotics)

  

Project mention: Unsafe YAML exploitation | /r/ROS | 2023-12-11

• PoC-CVE-2022-30190

  1 156 2.6 Python

  POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina

• gvm-tools

  2 153 8.9 Python

  Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

  

• kitsec-core

  6 137 8.3 Python

  Ethical hacking, made easy.

  

• ShellShockHunter

  1 104 1.8 Python

  It's a simple tool for test vulnerability shellshock

• SSVC

  1 103 9.2 Python

  Stakeholder-Specific Vulnerability Categorization

  

• turing-machine

  4 76 1.8 Python

  A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python Vulnerability related posts

• Announcing Pyscan: A dependency vulnerability scanner for python projects.
  3 projects | /r/u_aswin__ | 15 May 2023
• I launched my first SaaS on ProductHunt and I don't know if I should have
  1 project | /r/SideProject | 12 May 2023
• A tool that aggregates security advisories from multiple sources. You can get them by email!
  1 project | /r/cybersecurity | 12 May 2023
• I built a tool that aggregates security advisories from multiple sources. You can get them by email!
  1 project | /r/netsec | 12 May 2023
• Kaseya Acquired Vonahi Security
  2 projects | /r/msp | 25 Apr 2023
• Show HN: TypeScript Security Scanner
  2 projects | news.ycombinator.com | 12 Apr 2023
• Distributed vulnerability database for Open Source
  1 project | news.ycombinator.com | 3 Jan 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 23 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!