Python Security

Open-source Python projects categorized as Security

Top 23 Python Security Projects

  • mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Latest mention: How to redirect an url to another url | reddit.com/r/linuxadmin | 2021-01-17

    I would look into something like Squid, mitmproxy or SSLsplit, depending on just what your needs are.

  • algo

    Set up a personal VPN in the cloud

    Latest mention: Creating and automating our own wireguard VPN server/s | reddit.com/r/WireGuard | 2021-01-15
  • sqlmap

    Automatic SQL injection and database takeover tool

    Latest mention: (ISC)² Official CISSP Tests mobile app | reddit.com/r/cissp | 2020-12-31

    sqlmap does have OS detection capabilities. Official documentation:

  • hosts

    Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

    Latest mention: Women of reddit, do you also get 'horny singles in your area' ads, if not, what are your standard adverts? | reddit.com/r/AskReddit | 2021-01-14

    Desktop/Laptop: Steven Black Hosts file + Firefox + UBO

  • routersploit

    Exploitation Framework for Embedded Devices

    Latest mention: [Discussion] Anyone managed to get RouterSploit working on iOS? Or know something that works? | reddit.com/r/jailbreak | 2021-01-04
  • Mailpile

    A free & open modern, fast email client with user-friendly encryption and privacy features

    Latest mention: What’s a safe email application for ios/ pc / android? | reddit.com/r/privacy | 2021-01-15

    For PC : Thunderbird or Mailpile

  • scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

  • fail2ban

    Daemon to ban hosts that cause multiple authentication errors

  • opensnitch

    OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

    Latest mention: “The Great Suspender” Chrome extension maintainer is probably malicious | news.ycombinator.com | 2021-01-03

    https://github.com/evilsocket/opensnitch

    However, if you allow everything to 80/443, the extensions would still be able to connect to their servers. Maybe the browsers should add the ability to allow/deny connections per extension.

    https://github.com/gustavo-iniguez-goya/opensnitch/issues/21

  • urh

    Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

    Latest mention: What is this 433MHz signal? | reddit.com/r/RTLSDR | 2020-12-22
  • dirsearch

    Web path scanner

    Latest mention: TryHackMe's Advent of Cyber 6-8 | dev.to | 2020-10-20

    The supporting material requires you to use DirSearch, a open-source python that allows you to comb through a website with a wordlist, which is also provided. Running the command takes a while, but eventually you end up with a list of pages that your tool managed to find, one of them being /sysadmin, which is the answer to the first question.

  • onionshare

    Securely and anonymously share files, host websites, and chat with friends using the Tor network

  • bless

    Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function

    Latest mention: Why SSH certificates are awesome | dev.to | 2020-11-03

    3. BLESS - By Netflix

  • itsdangerous

    Safely pass trusted data to untrusted environments and back.

  • pyt

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

    Latest mention: Security Audit of 3rd Party Packages | reddit.com/r/homeassistant | 2020-12-28

    https://github.com/python-security/pyt (no longer maintained, but still works).

  • ivre

    Network recon framework.

  • Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

    Latest mention: oscp and ctf bash script fro recon help | reddit.com/r/cybersecurity | 2020-12-24
  • kippo

    Kippo - SSH Honeypot

    Latest mention: desaster/kippo - Kippo - SSH Honeypot | reddit.com/r/GithubSecurityTools | 2021-01-01
  • king-phisher

    Phishing Campaign Toolkit

  • TextAttack

    TextAttack 🐙 is a Python framework for adversarial attacks, data augmentation, and model training in NLP

    Latest mention: A Visual Survey of Data Augmentation in NLP | dev.to | 2020-08-26

    Libraries like nlpaug and textattack provide simple and consistent API to apply the above NLP data augmentation methods in Python. They are framework agnostic and can be easily integrated into your pipeline.

  • shynet

    Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.

    Latest mention: Ask HN: Who wants to be hired? (January 2021) | news.ycombinator.com | 2021-01-04

    Looking for an internship/summer job/fellowship/whatever you want to call it! I have sizable development experience (at least relative to my age), so I may be able to really contribute to your team. [0]

    Location: Stanford, CA / New York, NY (depending on pandemic situation...)

    Remote: yes

    Willing to relocate: yes

    Technologies: Python, Rust, JS/web stack, C, some Haskell, some Lisp, containerization and Kubernetes, general UX work, Linux/public clouds, some cryptography and networking.

    Resume: https://miles.land and https://github.com/milesmcc

    Email: [email protected]

    [0] Check out https://a17t.miles.land (a css library I built) and https://github.com/milesmcc/shynet (my open analytics tool) for samples. I also built https://lensant.com, though I'm less happy with its design.

  • hawkpost

    Generate links that users can use to submit messages encrypted with your public key.

  • DumpsterFire

    "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

    Latest mention: How do you improve your blue team skills? | reddit.com/r/blueteamsec | 2021-01-17
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Index

What are some of the best open-source Security projects in Python? This list will help you:

Project Stars
1 mitmproxy 21,190
2 algo 19,939
3 sqlmap 19,130
4 hosts 16,766
5 routersploit 8,837
6 Mailpile 8,310
7 scapy 5,934
8 fail2ban 5,741
9 opensnitch 5,599
10 urh 5,525
11 dirsearch 5,330
12 onionshare 4,309
13 bless 2,515
14 itsdangerous 2,104
15 pyt 2,005
16 ivre 1,986
17 Reconnoitre 1,621
18 kippo 1,336
19 king-phisher 1,307
20 TextAttack 1,177
21 shynet 1,130
22 hawkpost 823
23 DumpsterFire 762