Top 23 Python Security Projects
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
I would look into something like Squid, mitmproxy or SSLsplit, depending on just what your needs are.
-
algo
Set up a personal VPN in the cloud
Latest mention: Creating and automating our own wireguard VPN server/s | reddit.com/r/WireGuard | 2021-01-15
-
sqlmap
Automatic SQL injection and database takeover tool
sqlmap does have OS detection capabilities. Official documentation:
-
hosts
Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.
Latest mention: Women of reddit, do you also get 'horny singles in your area' ads, if not, what are your standard adverts? | reddit.com/r/AskReddit | 2021-01-14
Desktop/Laptop: Steven Black Hosts file + Firefox + UBO
-
routersploit
Exploitation Framework for Embedded Devices
Latest mention: [Discussion] Anyone managed to get RouterSploit working on iOS? Or know something that works? | reddit.com/r/jailbreak | 2021-01-04
-
Mailpile
A free & open modern, fast email client with user-friendly encryption and privacy features
Latest mention: What’s a safe email application for ios/ pc / android? | reddit.com/r/privacy | 2021-01-15
For PC: Thunderbird or Mailpile
-
scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
-
fail2ban
Daemon to ban hosts that cause multiple authentication errors
-
opensnitch
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
Latest mention: “The Great Suspender” Chrome extension maintainer is probably malicious | news.ycombinator.com | 2021-01-03
https://github.com/evilsocket/opensnitch
However, if you allow everything to 80/443, the extensions would still be able to connect to their servers. Maybe the browsers should add the ability to allow/deny connections per extension.
https://github.com/gustavo-iniguez-goya/opensnitch/issues/21
-
urh
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
-
dirsearch
Web path scanner
The supporting material requires you to use DirSearch, an open-source Python tool that allows you to comb through a website with a wordlist, which is also provided. Running the command takes a while, but eventually you end up with a list of pages that your tool managed to find, one of them being /sysadmin, which is the answer to the first question.
-
bless
Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function
3. BLESS - By Netflix
-
itsdangerous
Safely pass trusted data to untrusted environments and back.
-
pyt
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
https://github.com/python-security/pyt (no longer maintained, but still works).
-
ivre
Network recon framework.
-
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
-
kippo
Kippo - SSH Honeypot
Latest mention: desaster/kippo - Kippo - SSH Honeypot | reddit.com/r/GithubSecurityTools | 2021-01-01
-
king-phisher
Phishing Campaign Toolkit
-
TextAttack
TextAttack 🐙 is a Python framework for adversarial attacks, data augmentation, and model training in NLP
Libraries like nlpaug and textattack provide simple and consistent API to apply the above NLP data augmentation methods in Python. They are framework agnostic and can be easily integrated into your pipeline.
-
shynet
Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.
Looking for an internship/summer job/fellowship/whatever you want to call it! I have sizable development experience (at least relative to my age), so I may be able to really contribute to your team. [0]
Location: Stanford, CA / New York, NY (depending on pandemic situation...)
Remote: yes
Willing to relocate: yes
Technologies: Python, Rust, JS/web stack, C, some Haskell, some Lisp, containerization and Kubernetes, general UX work, Linux/public clouds, some cryptography and networking.
Resume: https://miles.land and https://github.com/milesmcc
[0] Check out https://a17t.miles.land (a css library I built) and https://github.com/milesmcc/shynet (my open analytics tool) for samples. I also built https://lensant.com, though I'm less happy with its design.
-
hawkpost
Generate links that users can use to submit messages encrypted with your public key.
-
DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Index
What are some of the best open-source Security projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | mitmproxy | 21,190 |
2 | algo | 19,939 |
3 | sqlmap | 19,130 |
4 | hosts | 16,766 |
5 | routersploit | 8,837 |
6 | Mailpile | 8,310 |
7 | scapy | 5,934 |
8 | fail2ban | 5,741 |
9 | opensnitch | 5,599 |
10 | urh | 5,525 |
11 | dirsearch | 5,330 |
12 | onionshare | 4,309 |
13 | bless | 2,515 |
14 | itsdangerous | 2,104 |
15 | pyt | 2,005 |
16 | ivre | 1,986 |
17 | Reconnoitre | 1,621 |
18 | kippo | 1,336 |
19 | king-phisher | 1,307 |
20 | TextAttack | 1,177 |
21 | shynet | 1,130 |
22 | hawkpost | 823 |
23 | DumpsterFire | 762 |