Python vulnerability-scanners

Open-source Python projects categorized as vulnerability-scanners

Top 23 Python vulnerability-scanner Projects

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • rapidscan

    The Multi-Tool Web Vulnerability Scanner.

  • safety

    Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

    Project mention: A Tale of Two Kitchens - Hypermodernizing Your Python Code Base | dev.to | 2023-11-12

    Safety and Dependabot complement these security tools by focusing on external dependencies. Safety takes charge of examining your dependencies, ensuring they are up-to-date and free from any known vulnerabilities. Dependabot works similarly, scanning dependencies, verifying if they're current and assessing them for potential security flaws. This function is crucial as weaknesses in external dependencies can compromise the security of the entire codebase.

  • osv.dev

    Open source vulnerability DB and triage service.

    Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15

    Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?

    https://github.com/google/osv.dev/blob/master/README.md#usin... :

    > We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.

    Might as well be heating a pool on the roof with all of this waste heat from hashing binaries built from code of unknown static and dynamic quality.

    Add'l useful formats:

    > Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDX SBOMs, and git repositories

  • AutoPWN-Suite

    AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

  • garak

    LLM vulnerability scanner

    Project mention: FLaNK Stack Weekly for 20 June 2023 | dev.to | 2023-06-20

  • dep-scan

    OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

    Project mention: Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone | /r/devsecops | 2023-12-05

    Depscan v5 is the first open-source SCA tool that can perform precision reachability analysis for Java, JavaScript/TypeScript, and Python applications to triage and prioritize the results. We invented an automatic symbols tagger, a lightweight data-flow analyzer, and a static slicer to compute all reachable flows with or without vulnerabilities. We open-sourced all our work, including the specification.

  • packj

    Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious or vulnerable open-source dependencies ("weak links") in your software supply chain.

    Project mention: Rust Without Crates.io | news.ycombinator.com | 2023-11-14

    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • vulnerablecode

    A free and open database of vulnerabilities and the packages they impact, together with the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet (https://nlnet.nl/project/vulnerabilitydatabase/) for https://www.aboutcode.org/. Chat at https://gitter.im/aboutcode-org/vulnerablecode; docs at https://vulnerablecode.readthedocs.org/

  • nerve

    NERVE Continuous Vulnerability Scanner (by PaytmLabs)

  • nebula

    AI-Powered Ethical Hacking Assistant (by berylliumsec)

    Project mention: nebula: AI-Powered Ethical Hacking Assistant - Nebula is an AI-powered assistant specifically designed for the field of ethical hacking. It provides a unique capability for users to input commands using natural language processing, facilitating a seamless transition from intent to execution. | /r/blueteamsec | 2023-10-29

  • embark

    EMBArk - The firmware security scanning environment (by e-m-b-a)

  • Jira-Lens

    Fast and customizable vulnerability scanner for JIRA written in Python

  • inthewilddb

    Hourly updated database of exploit and exploitation reports

    Project mention: Where do you get your information regarding new vulnerabilities and security risks? | /r/sysadmin | 2023-05-09

    intothewild - https://github.com/gmatuz/inthewilddb/blob/master/rss.xml

  • Vailyn

    A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

  • Egyscan

    Egyscan, the best web vulnerability scanner: a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

    Project mention: EgyScan Version 2.0 Has Been Released! | /r/netsec | 2023-07-24

  • LAST

    Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini (by latiotech)

    Project mention: Easy and Open Source Code Scanning with OpenAI | news.ycombinator.com | 2024-01-24

  • jake

    Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.

  • sbomnix

    A suite of utilities to help with software supply chain challenges on Nix targets

    Project mention: Wolfi: A community Linux OS designed for the container and cloud-native era | news.ycombinator.com | 2023-06-27

    I'm not sure what you mean by "non-trivial" but here's a simple Discord bot I wrote in Python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 Linux via GitHub Actions: https://github.com/starcraft66/attention-attention

    There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.

    1: https://github.com/tiiuae/sbomnix

  • citrixInspector

    Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519

    Project mention: citrixInspector: Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519 | /r/blueteamsec | 2023-07-25

  • Saker

    Flexible Penetration Testing Auxiliary Suite

  • xira

    XSS vulnerability scanner and input fuzzing tool.

  • ochrona-cli

    A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions counts repository mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-15.

Index

What are some of the best open-source vulnerability-scanner projects in Python? This list will help you:

Rank  Project          Stars
1     faraday          4,558
2     rapidscan        1,629
3     safety           1,611
4     osv.dev          1,374
5     AutoPWN-Suite      875
6     garak              741
7     dep-scan           676
8     packj              594
9     vulnerablecode     464
10    nerve              438
11    nebula             347
12    embark             280
13    Jira-Lens          263
14    inthewilddb        188
15    Vailyn             187
16    Egyscan            179
17    LAST               128
18    jake                99
19    sbomnix             90
20    citrixInspector     72
21    Saker               67
22    xira                59
23    ochrona-cli         52