guardrailsio / Awesome Python Security
Awesome Python Security resources
Stars: 738
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Awesome Python Security
Awesome Java Security
Awesome Java Security Resources
Stars: 216 (-70.73%)
Mutual labels: static-analysis, security-tools, security-testing
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: 509 (-31.03%)
Mutual labels: static-analysis, security-tools, security-testing
Awesome Dotnet Security
Awesome .NET Security Resources
Stars: 325 (-55.96%)
Mutual labels: static-analysis, security-tools, security-testing
Shodansploit
shodansploit > v1.3.0
Stars: 342 (-53.66%)
Mutual labels: security-tools, security-testing
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: 279 (-62.2%)
Mutual labels: security-tools, security-testing
Hackertarget
HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery
Stars: 320 (-56.64%)
Mutual labels: security-tools, security-testing
Wssat
WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: 360 (-51.22%)
Mutual labels: static-analysis, security-tools
Watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: 345 (-53.25%)
Mutual labels: security-tools, security-testing
Applicationinspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: 3,873 (+424.8%)
Mutual labels: static-analysis, security-tools
Gosec
Golang security checker
Stars: 5,694 (+671.54%)
Mutual labels: static-analysis, security-tools
Salus
Security scanner coordinator
Stars: 441 (-40.24%)
Mutual labels: static-analysis, security-tools
Nerve
NERVE Continuous Vulnerability Scanner
Stars: 267 (-63.82%)
Mutual labels: security-tools, security-testing
Krane
Kubernetes RBAC static Analysis & visualisation tool
Stars: 254 (-65.58%)
Mutual labels: static-analysis, security-tools
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, performing source code analysis to find vulnerabilities right in the source code, and designed to be agile and easy-to-implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: 216 (-70.73%)
Mutual labels: static-analysis, security-tools
Taipan
Web application vulnerability scanner
Stars: 359 (-51.36%)
Mutual labels: security-tools, security-testing
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: 128 (-82.66%)
Mutual labels: static-analysis, security-tools
Vulny Code Static Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: 207 (-71.95%)
Mutual labels: static-analysis, security-tools
Huskyci
Performing security tests inside your CI
Stars: 398 (-46.07%)
Mutual labels: static-analysis, security-tools
Jsprime
a javascript static security analysis tool
Stars: 556 (-24.66%)
Mutual labels: static-analysis, security-tools
A curated list of awesome Python security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Web Framework Hardening
- Secure.py - secure.py is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
- Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
- Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
- Django Session CSRF - CSRF protection for Django without cookies.
Multi tools
- hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Hubble - Hubble is a modular, open-source security compliance framework.
- Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
Static Code Analysis
- Bandit - Bandit is a tool designed to find common security issues in Python code.
- Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
- Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
Vulnerabilities and Security Advisories
- Safety - Safety checks your installed dependencies for known security vulnerabilities.
- snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Python known vulnerabilities in the National Vulnerability Database.
Penetration Testing
- EvilTwinFramework - A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
- sqlmap - Automatic SQL injection and database takeover tool
Cryptography
- Passlib - Secure password storage/hashing library, very high level.
- PyNacl - Python binding to the Networking and Cryptography (NaCl) library.
Application Templates
- wemake-django-template - Bleeding edge django template focused on code quality and security.
Educational
Hacking Playground
- Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
- django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
- DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
- DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.
Articles, Guides & Talks
- cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
- 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
- OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
- Django Security - Overview of Django's security features, including advice on securing a Django-powered site.
Companies
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.
Other
Reporting Bugs
Contributing
Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!
say hi on Twitter
License