Security projects in Python


Awesome Python Security resources 🕶 🐍 🔐

guardrailsio/awesome-python-security


A curated list of awesome Python security related resources.

List inspired by the awesome list thing.

Web Framework Hardening

  • Secure.py — secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
  • Flask-HTTPAuth — Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
  • Flask Talisman — Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
  • Django Session CSRF — CSRF protection for Django without cookies.

Multi tools

  • hawkeye — Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • GuardRails — A GitHub App that gives you instant security feedback in your Pull Requests.
  • Hubble — Hubble is a modular, open-source security compliance framework.
  • Salus — Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Static Code Analysis

  • Bandit — Bandit is a tool designed to find common security issues in Python code.
  • Pyt — A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
  • Detect Secrets — An enterprise friendly way of detecting and preventing secrets in code.
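Bandit and Pyt work by parsing source into an AST and matching node patterns, not by grepping text. The following is an added example of that technique (it is not code from Bandit, Pyt, Detect Secrets or the awesome list): a small `ast.NodeVisitor` that flags four classic findings in a constructed sample file. The rule identifiers, the `SECRET_NAMES` list and the sample source are assumptions made for this example.

```python
import ast

# Constructed sample source for the scanner to inspect (not taken from any real project).
SAMPLE_SOURCE = '''
import subprocess
import hashlib

DB_PASSWORD = "hunter2"          # hard-coded secret

def run(cmd):
    return subprocess.call(cmd, shell=True)   # shell injection risk

def load(data):
    return eval(data)             # arbitrary code execution

def digest(data):
    return hashlib.md5(data).hexdigest()      # weak hash
'''

# Assumed name fragments that make a string constant look like a credential.
SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key")
WEAK_HASHES = {"md5", "sha1"}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else (e.g. a call result)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


class SecurityVisitor(ast.NodeVisitor):
    """Walks the AST and records (line, rule_id, message) for each match."""

    def __init__(self):
        self.findings = []

    def report(self, node, rule, msg):
        self.findings.append((node.lineno, rule, msg))

    def visit_Assign(self, node):
        # A string literal assigned to a credential-looking name.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(k in target.id.lower() for k in SECRET_NAMES):
                    self.report(node, "HARDCODED_SECRET", f"possible hard-coded secret in {target.id}")
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name in ("eval", "exec"):
            self.report(node, "EVAL", f"{name}() on untrusted input allows code execution")
        if name.startswith("subprocess.") or name == "os.system":
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.report(node, "SHELL_TRUE", f"{name} called with shell=True")
        if name in {f"hashlib.{h}" for h in WEAK_HASHES}:
            self.report(node, "WEAK_HASH", f"{name} is not collision resistant")
        self.generic_visit(node)


def scan(source):
    """Parse `source` and return its findings sorted by line number."""
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


if __name__ == "__main__":
    for line, rule, msg in scan(SAMPLE_SOURCE):
        print(f"line {line}: [{rule}] {msg}")
```

Matching on the resolved dotted name rather than on the raw attribute string is what keeps `subprocess.call(..., shell=True)` and `eval(...)` distinguishable from a local helper that merely happens to be called `call` or `eval`; aliased imports (`import subprocess as sp`) are the obvious gap a real tool closes by tracking import bindings.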

Vulnerabilities and Security Advisories

  • Safety — Safety checks your installed dependencies for known security vulnerabilities.
  • snyk Vulnerability DB — Commercial but free listing of known vulnerabilities in libraries.
  • Common Vulnerabilities and Exposures — Vulnerabilities that were assigned a CVE. Covers the language and packages.
  • National Vulnerability Database — Python known vulnerabilities in the National Vulnerability Database.
App Vulnerability Scanners

  • EvilTwinFramework — A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
  • sqlmap — Automatic SQL injection and database takeover tool.

Cryptography

  • Passlib — Secure password storage/hashing library, very high level.
  • PyNacl — Python binding to the Networking and Cryptography (NaCl) library.
  • cryptography — A package designed to expose cryptographic primitives and recipes to Python developers.

Vulnerable Applications

  • Let’s be bad Guys — Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
  • django.nV — django.nV is a purposefully vulnerable Django application provided by nVisium.
  • DSVW — Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
  • DVPWA — Damn Vulnerable Python Web Application was inspired by the famous dvwa project and the bobby-tables xkcd comic.

Educational

  • 10 Common Security Gotchas in Python — 10 common security gotchas in Python and how to avoid them.
  • OWASP Python Security — Aims at creating a hardened version of Python that makes it easier for developers to write applications more resilient to attacks and manipulations.
  • Django Security — Overview of Django’s security features, including advice on securing a Django-powered site.

Companies

  • GuardRails — A GitHub App that gives you instant security feedback in your Pull Requests.
  • Snyk — A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.

Found an awesome project, package, article, or another type of resource related to Python security? Send me a pull request! Just follow the guidelines. Thank you!


Top 23 Python Security Projects

update mhils: "@FrugalGuy has just sent me a genuine apology, which I truly appreciate. Please be nice and assume good intentions. :heart:" https://github.com/mitmproxy/mitmproxy/issues/6051#issuecomm.


SQLMap

Project mention: Enhancing Code Quality and Security: Building a Rock-Solid CI Test Suite for Seamless Development | dev.to | 2023-07-03

The DAST checks can be automated up to a certain point, where the code should be able to withstand certain scans and attacks. For example, SQL injection can be checked with sqlmap, which tests with each and every type of SQL injection payload and reports back to the user.
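To see what sqlmap's payloads actually exploit, here is an added example (it is not part of the dev.to article and not sqlmap's code): a string-formatted login query beside its parameterized form, both run against a constructed in-memory sqlite3 table. The table, its rows and the two payload strings are assumptions made for this example.

```python
import sqlite3


def make_db():
    """In-memory database seeded with constructed sample rows (not data from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "admin"),
        ("bob", "battery staple", "user"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """String-formatted SQL: whatever the caller supplies is parsed as SQL syntax."""
    query = ("SELECT username, role FROM users "
             "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterized SQL: the driver binds the values, so quotes inside them stay data."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Two constructed payloads of the kinds an injection scanner probes with:
# a boolean tautology that short-circuits the password check ...
TAUTOLOGY = "' OR '1'='1"
# ... and a UNION that pulls a different column set through the same SELECT,
# with a '--' comment swallowing the rest of the original WHERE clause.
UNION_DUMP = "' UNION SELECT username, password FROM users --"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", login_vulnerable(conn, "alice", TAUTOLOGY))
    print("vulnerable, union:    ", login_vulnerable(conn, UNION_DUMP, "x"))
    print("safe, tautology:      ", login_safe(conn, "alice", TAUTOLOGY))
    print("safe, real password:  ", login_safe(conn, "alice", "correct horse"))
```

The tautology returns every row because `AND` binds tighter than `OR`, so the clause becomes `(username = 'alice' AND password = '') OR '1'='1'`; the UNION payload never needs a valid user at all, it just appends its own result set. The parameterized version returns nothing for either payload, which is the behaviour a DAST run with sqlmap should be confirming.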

CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

hosts

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

Project mention: [Paid Release]CCAdsBeGone — Customized Ads Blocking At Your Fingertips | /r/jailbreak | 2023-07-13

There is one main GitHub repository that I found (there could be many, many more) and based my research on: https://github.com/StevenBlack/hosts. This repository contains many different hosts files for different purposes; you can just download one and upload the one you want to use from the CCAdsBeGone settings, if you feel the default file shipped with the tweak is not sufficient for your needs.

macOS-Security-and-Privacy-Guide

wifiphisher

Project mention: I am looking for a shortcut to convert pics like this to working CSS code with the aid of AI, is it possible? (I am studying CyberSec, so I need temps like this from time to time; I am mediocre at programming though) | /r/ChatGPT | 2023-04-09


routersploit

Project mention: I forgot my router’s password and I can just press the reset button on the router, but is there any fun way to change the password? I know the Wi-Fi username/password and the router’s admin name. | /r/HowToHack | 2023-01-12


dirsearch

Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22

urh

Project mention: 1.6 GHz is a known interstellar communication signal? | /r/skinwalkerranch | 2023-07-12

scapy

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

I’ve coded my small ARP spoofer in Go because I love the language, though it can very well be coded in other languages, for example Python with Scapy.
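The ARP spoofing mentioned above rests on unsolicited ARP replies that rebind the gateway's IP to the attacker's MAC. As an added example (not the commenter's Go code and not part of Scapy), the stdlib-only script below builds a few raw Ethernet/ARP reply frames with the same layout Scapy's `Ether()`/`ARP(op=2)` layers serialize, then detects the rebind the way an ARP watcher does: by remembering which MAC last claimed each IP. The addresses and the frame sequence are constructed for this example.

```python
import struct

ETH_HDR = "!6s6sH"           # dst MAC, src MAC, ethertype
ARP_PKT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_text(raw):
    return ".".join(str(b) for b in raw)


def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Raw 42-byte Ethernet + ARP reply: 14-byte Ethernet header followed by a 28-byte ARP body."""
    eth = struct.pack(ETH_HDR, mac_bytes(target_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack(ARP_PKT, 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) for an ARP frame, None for anything else."""
    if len(frame) < 42:
        return None
    _, _, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, _, _ = struct.unpack(ARP_PKT, frame[14:42])
    return op, mac_text(sha), ip_text(spa)


class ArpWatch:
    """Tracks which MAC last answered for each IP; a change of claimant is the spoofing signal."""

    def __init__(self):
        self.claims = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return None
        _, sender_mac, sender_ip = parsed
        previous = self.claims.get(sender_ip)
        self.claims[sender_ip] = sender_mac
        if previous is not None and previous != sender_mac:
            return f"ARP spoof suspected: {sender_ip} moved from {previous} to {sender_mac}"
        return None


# Constructed traffic (not a real capture): the gateway answers two hosts, then an
# attacker sends an unsolicited reply claiming the gateway's IP with its own MAC.
GATEWAY_IP = "192.168.1.1"
FRAMES = [
    arp_reply("00:11:22:33:44:55", GATEWAY_IP, "aa:bb:cc:dd:ee:01", "192.168.1.10"),
    arp_reply("00:11:22:33:44:55", GATEWAY_IP, "aa:bb:cc:dd:ee:02", "192.168.1.11"),
    arp_reply("de:ad:be:ef:00:01", GATEWAY_IP, "aa:bb:cc:dd:ee:01", "192.168.1.10"),
]


def alerts_for(frames):
    """Feed frames through one ArpWatch and collect the alerts it raises."""
    watch = ArpWatch()
    return [alert for alert in map(watch.observe, frames) if alert is not None]


if __name__ == "__main__":
    for alert in alerts_for(FRAMES):
        print(alert)
```

On a live interface the same `ArpWatch.observe` can be fed from `scapy.sniff(filter="arp", prn=...)` with `bytes(pkt)`; the first legitimate reply seeds the table, so a watcher that starts after the attacker has already poisoned the cache will miss the initial rebind and only catch the flap back to the real gateway.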

opensnitch

mvt

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Project mention: As recommended, I ask it here : how can I find out if my phone is being tapped, and what should I do if it is? | /r/opsec | 2023-07-11

You can make a backup of your phone and analyze that backup with digital forensics tools to see if, for example, automated software detects any of the more mainstream spyware/hacks. You can use the Mobile Verification Toolkit (mvt) to do this, but it won’t detect everything. It is, however, a good start: you can investigate the basic results with limited knowledge, and if something is detected you can pass it on to a digital forensics company, because it will very likely be beyond your qualifications to analyze by yourself. Hope this helps.

Mailpile

Project mention: [Self Hosted] Self-hosted mail servers: mailcow, mailinabox, mailU. Have you tested them (thoroughly)? Your opinions and advice here, thanks! | /r/aufdeutsch | 2023-04-27

Fail2Ban

Project mention: I am (to be) a web designer, how to ensure security on a vps? | /r/VPS | 2023-06-10

See https://github.com/fail2ban/fail2ban for the beginner’s guide. Basically you set it up to monitor log files and it acts accordingly (there is plenty of built-in config to handle various daemons, so you don’t have to write it yourself).
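What the sshd jail in fail2ban does, stripped to its core: count "Failed password" lines per source IP inside a sliding findtime window and ban once maxretry is reached. The following is an added example, not fail2ban's own code, run over constructed syslog-style lines. The log lines, the assumed year for the yearless syslog timestamps and the simplified iptables command are assumptions made for this example; the defaults of 5 retries in 10 minutes are fail2ban's.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines in syslog format (not a real log).
LOG_LINES = """\
Jun 10 12:00:01 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 10 12:00:03 vps sshd[1202]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jun 10 12:00:04 vps sshd[1203]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Jun 10 12:00:05 vps sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jun 10 12:00:09 vps sshd[1205]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jun 10 12:00:10 vps sshd[1206]: Failed password for root from 203.0.113.5 port 51245 ssh2
Jun 10 12:30:00 vps sshd[1300]: Failed password for root from 198.51.100.7 port 40002 ssh2
Jun 10 12:45:00 vps sshd[1301]: Failed password for root from 198.51.100.7 port 40003 ssh2
""".splitlines()

# A failregex reduced to the 'Failed password' form; fail2ban's sshd filter covers many more.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

ASSUMED_YEAR = 2023  # syslog timestamps carry no year; assumed for this example


def parse_ts(ts):
    return datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")


def find_bans(lines, maxretry=5, findtime_seconds=600):
    """Return {ip: time_of_ban} for IPs with >= maxretry failures inside findtime_seconds."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    bans = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ip, now = m["ip"], parse_ts(m["ts"])
        if ip in bans:
            continue              # already banned; a real jail would no longer see its traffic
        q = recent[ip]
        q.append(now)
        while (now - q[0]).total_seconds() > findtime_seconds:
            q.popleft()           # expire failures that fell out of the window
        if len(q) >= maxretry:
            bans[ip] = now
    return bans


def ban_command(ip):
    """Simplified form of the rule a fail2ban iptables action installs (returned as text, not run)."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, when in find_bans(LOG_LINES).items():
        print(f"{when}: banning {ip} -> {ban_command(ip)}")
```

With the defaults only 203.0.113.5 is banned: 198.51.100.7 fails twice, but 15 minutes apart, so its first failure has already aged out of the 10-minute window when the second arrives. Widening findtime or lowering maxretry is the usual tuning knob, and the trade-off is exactly the one the example makes visible: a slow brute force against a short window is never caught, while a short window with a low maxretry starts banning users who mistype a password twice.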

prowler

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
