Awesome Open Source

Programming Languages

Search results for python security tools

security-tools x

640 search results found

Social Analyzer ⭐ 10,330

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Spiderfoot ⭐ 10,330

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Scapy ⭐ 9,250

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

Prowler ⭐ 8,654

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

Fail2ban ⭐ 8,627

Daemon to ban hosts that cause multiple authentication errors

Monkey ⭐ 6,331

Infection Monkey - An open-source adversary emulation platform

Bandit ⭐ 5,486

Bandit is a tool designed to find common security issues in Python code.

Autosploit ⭐ 4,749

Automated Mass Exploiter

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Pocsuite3 ⭐ 3,207

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Consoleme ⭐ 3,011

A Central Control Plane for AWS Permissions and Access

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Intelowl ⭐ 2,897

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

OSINT automation for hackers.

Chipsec ⭐ 2,726

Platform Security Assessment Framework

Pentest Tools ⭐ 2,652

A collection of custom security tools for quick needs.

Nettacker ⭐ 2,584

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Awesome Hacking ⭐ 2,570

Awesome hacking is an awesome collection of hacking tools.

Nosqlmap ⭐ 2,526

Automated NoSQL database enumeration and web application exploitation tool.

Torbot ⭐ 2,155

Dark Web OSINT Tool

Silenttrinity ⭐ 2,055

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Appinfoscanner ⭐ 1,975

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Subdomainizer ⭐ 1,574

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Vxscan ⭐ 1,566

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释

Dirhunt ⭐ 1,561

Find web directories without bruteforce

Rapidscan ⭐ 1,489

🆕 The Multi-Tool Web Vulnerability Scanner.

Opencve ⭐ 1,433

CVE Alerting Platform

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Dronesploit ⭐ 1,284

Drone pentesting framework console

Forseti Security ⭐ 1,283

Forseti Security

Sprayingtoolkit ⭐ 1,283

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Osv.dev ⭐ 1,226

Open source vulnerability DB and triage service.

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Github Search ⭐ 1,121

A collection of tools to perform searches on GitHub.

Ssh Mitm ⭐ 1,114

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

Interlace ⭐ 1,080

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Changeme ⭐ 1,058

A default credential scanner.

Satansword ⭐ 1,048

红队综合渗透框架

Gitgot ⭐ 1,029

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Pygod ⭐ 1,019

A Python Library for Graph Outlier Detection (Anomaly Detection)

A flexible scanner

Qu1cksc0pe ⭐ 935

All-in-One malware analysis tool.

Python low-interaction honeyclient

Evillimiter ⭐ 928

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Enumeration sub domains(枚举子域名)

Awesome Python Security ⭐ 867

Awesome Python Security resources 🕶🐍🔐

Requests Ip Rotator ⭐ 867

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Eyeballer ⭐ 865

Convolutional neural network for analyzing pentest screenshots

Cve Bin Tool ⭐ 858

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Hosthunter ⭐ 826

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Hacking Toolkit

Find exploit tool

Electriceye ⭐ 794

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

Extract_otp_secrets ⭐ 769

Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.

Psudohash ⭐ 724

Generates millions of keyword-based password mutations in seconds.

Threatingestor ⭐ 714

Extract and aggregate threat intelligence.

Springboot Scan ⭐ 712

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Sipvicious ⭐ 693

SIPVicious OSS has been around since 2007 and is actively updated to help security teams, QA and developers test SIP-based VoIP systems and applications.

Blackmamba ⭐ 688

C2/post-exploitation framework

Spoofcheck ⭐ 662

Simple script that checks a domain for email protections

Scant3r ⭐ 657

ScanT3r - Module based Bug Bounty Automation Tool

Autopwn Suite ⭐ 636

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

Fireelf ⭐ 597

fireELF - Fileless Linux Malware Framework

Sysreptor ⭐ 590

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

Aiodnsbrute ⭐ 579

Python 3.5+ DNS asynchronous brute force utility

Opensquat ⭐ 576

The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis.

Packj stops ⚡️ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Huskyci ⭐ 530

Performing security tests inside your CI

Betterscan Ce ⭐ 528

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

Mysql_fake_server ⭐ 526

MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Fuzzable ⭐ 459

Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022.

Witnessme ⭐ 445

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Dep Scan ⭐ 440

OWASP dep-scan is an open-source security audit based on known vulnerabilities and advisories for project dependencies. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, and Google CloudBuild. No server is required!

Shodansploit ⭐ 437

🔎 shodansploit > v1.3.0

Dgfraud ⭐ 432

A Deep Graph-based Toolbox for Fraud Detection

O365spray ⭐ 432

Username enumeration and password spraying tool aimed at Microsoft O365.

Hackertarget ⭐ 422

🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯

Sec Tools ⭐ 412

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识

Webshell Sniper ⭐ 411

🔨 Manage your website via terminal

H2csmuggler ⭐ 408

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report.

Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.

Raven Storm ⭐ 389

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

Vulscan ⭐ 382

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

Recon Pipeline ⭐ 374

An automated target reconnaissance pipeline.

myscan 被动扫描

Cookie_crimes ⭐ 371

Read local Chrome cookies without root or decrypting

YARA malware query accelerator (web frontend)

Vulnerablecode ⭐ 363

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

Unwebpack Sourcemap ⭐ 350

Extract uncompiled, uncompressed SPA code from Webpack source maps.

Heralding ⭐ 349

Credentials catching honeypot

Domain Protect ⭐ 333

OWASP Domain Protect - prevent subdomain takeover

Mssqlproxy ⭐ 329

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

Njsscan ⭐ 318

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Related Searches

Python Django (28,897)

Python Python3 (22,971)

Python Deep (22,263)

Python Ml (20,195)

Python Deep Learning (19,841)

Python Pytorch (17,410)

Python Flask (17,153)

Python Dataset (14,792)

Python Tensorflow (14,628)

Python Machine Learning (14,099)

1-100 of 640 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2023 Awesome Open Source. All rights reserved.