Python web-security

Open-source Python projects categorized as web-security

Top 13 Python web-security Projects

  1. BunkerWeb

    🛡️ Open-source and next-generation Web Application Firewall (WAF)

    Project mention: Show HN: BunkerWeb – The Open-Source Web Application Firewall (WAF) | news.ycombinator.com | 2024-12-06
  2. Civic Auth

    Simple auth for Python backends. Drop Civic Auth into your Python backend with just a few lines of code. Email login, SSO, and route protection built-in. Minimal config. Works with FastAPI, Flask, or Django.

  3. DDoS-Ripper

    DDoS Ripper, a Distributable Denied-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

  4. requests-ip-rotator

    A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

    Project mention: Doge Worker's Code Supports NLRB Whistleblower | news.ycombinator.com | 2025-04-23

    > Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially. As it happens, there is a newer version of this project that was derived or “forked” from Ge0rg3’s code — called “async-ip-rotator” — and it was committed to GitHub in January 2025 by DOGE captain Marko Elez.

    Original code: https://github.com/Ge0rg3/requests-ip-rotator

    Forked: https://github.com/markoelez/async-ip-rotator

    Code is pretty much the same, with comments removed, some `async` sprinkled in and minor changes (I bet this was just pasted into LLM with prompt to make it async, but if that worked why not).

    Except... Original GPL3 license is gone. Obviously not something you would expect DOGE people to understand or respect.

  5. GitHacker

    🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

  6. FavFreak

    Making Favicon.ico-based Recon Great Again!

  7. Secure

    Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable. (by TypeError)

    Project mention: This Week In Python | dev.to | 2024-10-04

    secure – Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more

  8. lookyloo

    Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

    Project mention: Display tree of domains called by a website | news.ycombinator.com | 2024-11-16
  9. Sevalla

    Deploy and host your apps and databases, now with $50 credit! Sevalla is the PaaS you have been looking for! Advanced deployment pipelines, usage-based pricing, preview apps, templates, human support by developers, and much more!

  10. jwt-pwn

    Security Testing Scripts for JWT

  11. aizawa

    Aizawa is a command-line webshell designed to execute commands through HTTP header

  12. cerberus

    Cerberus is another simple stressing tool simulating DDoS attacks. (by francesco-ficarola)

  13. dosbomb

    dosbomb is a DoS tool that cuts off targets or surrounding infrastructure in a flood of Internet traffic

  14. soos-dast

    SOOS DAST Scanning - Register for a Free Trial at https://app.soos.io/register

  15. rengine_burp_integration

    A Python tool that seamlessly integrates reNgine and reNgine-ng reconnaissance data with Burp Suite Professional for enhanced web application security testing workflows.

    Project mention: Show HN: ReNgine-Burp Integration Tool – Automate Recon Data into Burp Suite | news.ycombinator.com | 2025-07-27
NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python web-security related posts

  • Display tree of domains called by a website

    1 project | news.ycombinator.com | 16 Nov 2024
  • Cdk8s: CNCF-Backed Infrastructure-as-Code (IaC) for Kubernetes

    2 projects | news.ycombinator.com | 6 Sep 2022
  • Please remove that .git folder

    1 project | dev.to | 22 Jun 2022
  • Lookyloo/lookyloo - Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other

    1 project | /r/bag_o_news | 3 May 2021
  • Lookyloo is a web interface that captures a webpage and then displays a tree of the domains, that call each other.

    1 project | /r/blueteamsec | 25 Apr 2021
  • mazen160/jwt-pwn - Security Testing Scripts for JWT

    1 project | /r/GithubSecurityTools | 11 Apr 2021

Index

What are some of the best open-source web-security projects in Python? This list will help you:

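| # | Project | Stars |
|---|---------|-------|
| 1 | BunkerWeb | 8,993 |
| 2 | DDoS-Ripper | 2,398 |
| 3 | requests-ip-rotator | 1,598 |
| 4 | GitHacker | 1,548 |
| 5 | FavFreak | 1,229 |
| 6 | Secure | 943 |
| 7 | lookyloo | 721 |
| 8 | jwt-pwn | 315 |
| 9 | aizawa | 63 |
| 10 | cerberus | 21 |
| 11 | dosbomb | 13 |
| 12 | soos-dast | 6 |
| 13 | rengine_burp_integration | 2 |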
