Python security-audit

Open-source Python projects categorized as security-audit

Top 23 Python security-audit Projects

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    1. Prowler: https://github.com/prowler-cloud/prowler Prowler provides security best practices assessments, audits, incident response readiness, and continuous monitoring for AWS environments.

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • github-dorks

    Find leaked secrets via github search

  • Project mention: Information Disclosure | dev.to | 2024-04-01

    Now, whenever we talk about source code, the first thing that comes to mind is GitHub. We can also use GitHub Dorks to search for secrets in the code; you will find useful search techniques in its cheatsheet, and there is also a GitHub tool for that, Github-Dorks.

  • Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  • owasp-masvs

    The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  • Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03

    https://github.com/OWASP/owasp-masvs :

    > The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  • inql

    InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  • ssh-mitm

    SSH-MITM - ssh audits made simple (by ssh-mitm)

  • Project mention: Terrapin Attack for prefix injection in SSH | news.ycombinator.com | 2023-12-19

    There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and the Terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165

  • SysReptor

    Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

  • enum4linux-ng

    A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

  • kubestriker

    A blazing-fast security auditing tool for Kubernetes

  • pip-audit

    Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

  • Project mention: Smooth Packaging: Flowing from Source to PyPi with GitLab Pipelines | dev.to | 2024-01-18

    Next up is making sure none of the dependencies used throughout the project brings with it any already identified security issue. The makefile target audit invokes the handy tool pip-audit.

  • ElectricEye

    ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

  • habu

    Hacking Toolkit

  • dep-scan

    OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

  • Project mention: Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone | /r/devsecops | 2023-12-05

    Depscan v5 is the first open-source SCA tool that can perform precision reachability analysis for Java, JavaScript/TypeScript, and Python applications to triage and prioritize the results. We invented an automatic symbols tagger, a lightweight data-flow analyzer, and a static slicer to compute all reachable flows with or without vulnerabilities. We open-sourced all our work, including the specification.

  • betterscan-ce

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

  • packj

    Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain

  • Project mention: Rust Without Crates.io | news.ycombinator.com | 2023-11-14

    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • aura

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

  • aws-cloudsaga

    AWS CloudSaga - Simulate security events in AWS

  • zap-cli

    A simple tool for interacting with OWASP ZAP from the commandline.

  • kcare-uchecker

    A simple tool to detect outdated shared libraries

  • poro

    Scan publicly accessible assets on your AWS cloud environment

  • pyrcrack

    Python Aircrack-ng bindings

  • dummy

    Generator of static files (csv, jpeg, png, pdf) for testing file upload. It can generate csv and png files of any number of bytes! (by sterrasec)

  • Project mention: GitHub - sterrasec/dummy: Generator of static files for testing file upload. It can generate the png file of any number of bytes! | /r/webdev | 2023-10-20
NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python security-audit related posts

  • Information Disclosure

    1 project | dev.to | 1 Apr 2024
  • Ask HN: Cloud security auditing for indie-grade projects?

    1 project | news.ycombinator.com | 4 Dec 2023
  • GitHub - sterrasec/dummy: Generator of static files for testing file upload. It can generate the png file of any number of bytes!

    1 project | /r/webdev | 20 Oct 2023
  • Automating AWS Prowler Scans

    1 project | dev.to | 23 Aug 2023
  • Pyscan: A command-line tool to detect security issues in your python dependencies.

    2 projects | /r/Python | 17 May 2023
  • How Attackers Can Sneakily Slip Malware Packages Into Poetry.lock Files

    2 projects | /r/Python | 2 May 2023
  • Show HN: TypeScript Security Scanner

    2 projects | news.ycombinator.com | 12 Apr 2023
Index

What are some of the best open-source security-audit projects in Python? This list will help you:

Rank  Project         Stars
   1  prowler         9,684
   2  faraday         4,651
   3  github-dorks    2,667
   4  Reconnoitre     2,065
   5  owasp-masvs     1,947
   6  inql            1,481
   7  ssh-mitm        1,233
   8  SysReptor       1,163
   9  enum4linux-ng   1,041
  10  kubestriker       979
  11  pip-audit         928
  12  ElectricEye       872
  13  habu              862
  14  dep-scan          873
  15  betterscan-ce     701
  16  packj             619
  17  aura              487
  18  aws-cloudsaga     427
  19  zap-cli           225
  20  kcare-uchecker    185
  21  poro              141
  22  pyrcrack          118
  23  dummy              58