Open Source Python Security Software - Page 26
Sort By:
Python Security Software
View 5752 business solutionsBrowse free open source Python Security Software and projects below. Use the toggles on the left to filter open source Python Security Software by OS, license, language, programming language, and project status.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
mongoaudit
A powerful MongoDB auditing and pentesting tool
mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB's default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called the MongoDB apocalypse. mongoaudit not only detects misconfigurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! MongoDB listens on a port different to default one. Server only accepts connections from whitelisted hosts / networks. MongoDB HTTP status interface is not accessible on port 28017. MongoDB is not exposing its version number. MongoDB version is newer than 2.4. TLS/SSL encryption is enabled. Authentication is enabled. SCRAM-SHA-1 authentication method is enabled. -
2
mssqlproxy
Toolkit aimed to perform lateral movement in restricted environments
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. The first step is to execute code in the SQL Server process context. As extended stored procedures are going to be deprecated in future versions of MSSQL, we pay attention to Microsoft recommendations and thus, use CLR assemblies instead. -
3
A python interface for nmap. Allows you to get information about your local network and conduct nmap scans and read the results from a python application or interpreter. Currently tested (lightly) under Windows XP, Mac OS 10.5.5 and Ubuntu 8.04 and 8.10.
-
4
nodejsscan
nodejsscan is a static security code scanner for Node.js applications
Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep. nodejsscan is a static security code scanner for Node.js applications. -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
5
nogotofail
An on-path blackbox network traffic security testing tool
nogotofail is a network security testing tool developed by Google to help developers and researchers identify weaknesses in TLS/SSL implementations and detect unencrypted traffic that could compromise sensitive data. The tool functions as an on-path man-in-the-middle (MiTM) testing system, allowing users to inspect and evaluate how applications and devices handle encrypted connections under real-world conditions. It can detect a wide range of vulnerabilities, including improper SSL certificate validation, library misconfigurations, and downgrade or stripping attacks such as SSL and STARTTLS stripping. The system’s flexible architecture supports automated testing at scale, making it suitable for both single-device assessments and large network evaluations. Its modular structure also allows for customization and extension, enabling researchers to target specific network behaviors or encryption flaws. -
6
nsrlquery
Provides tools to interface with NIST's NSRL RDS.
The National Institutes of Science and Technology maintains the National Software Reference Library. As part of this, they keep track of SHA-1 hashes of millions of known pieces of software (the "Reference Data Set"). Unfortunately, there are very few tools to help users query the NSRL RDS. That's where nsrlquery comes in. -
7
ntfy
Utility for sending notifications, on demand and when commands finish
ntfy brings notification to your shell. It can automatically provide desktop notifications when long-running commands finish or it can send push notifications to your phone when a specific command finishes. The install technique in the quickstart is the suggested method of installation. It can be installed in a virtualenv, but with some caveats, Linux notifications require system-site-packages for the virtualenv and OS X notifications don’t work at all. ntfy has support for automatically sending notifications when long-running commands finish in bash and zsh. In bash it emulates zsh’s preexec and precmd functionality with rcaloras/bash-preexec. The backends key specifies what backends to use by default. Each backend has its own configuration, stored in a key of its own name. If you want multiple configs for the same backend type, you can specify any name and then specify the backend with a backend key. -
8
pam_duration
Set limits on per-day total usage for Linux/Unix users
pam_duration provides a module for the Pluggable Authentication Module (PAM) authorization framework that sets per-day limits on total usage by particular Linux/Unix users on a single system. Limits can be configured by day of the week, so, for example, weekend limits can be different from weekdays. It also provides a service to ensure logout when the specified time limit expires. -
9
-
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
10
password-generator
passwort, passwort-generator, password, password generator
Passwort-Generator in Python. passwort-generator.exe md5 hash: fccfcf626e84382fd63d079f94f195f1 -
11
-
12
A Pure-Python library which digitally sign PDF files, Based on: pyPdf, pyasn1 and TLS Lite.
-
13
phpbb bruteforce
phpbb login brute force
phpbb forum login brute force -
14
phpsploit
Full-featured C2 framework which silently persists on webserver
Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner. The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor. Detailed help for any option (help command) Cross-platform on both client and server. CLI supports auto-completion & multi-command. Session saving/loading feature & persistent history. Multi-request support for large payloads (such as uploads) Provides a powerful, highly configurable settings engine. Each setting, such as user-agent has a polymorphic mode. Customizable environment variables for plugin interaction. Provides a complete plugin development API. -
15
Polydish is a polymorphic Internet server capable of accepting pluggable protocols (written in Python or Ruby), and can thereby serve any type of content imaginable. The backend code is a fast, secure, C-based server, employing thread pools and OpenSSL.
-
16
privacyidea
two factor authentication management system
privacyIDEA is a management and authentication system for two factor authentication. You can use OTP tokens, OTP cards, SMS, Smartphone Apps to incorparte the second factor. It can even manage SSH keys and supports Offline OTP. The latest version can manage and enroll user certificates. Its modular design makes it easily enhancable. It runs on Linux. Applications and workflows can be connected to privacyIDEA hence enabling two factor authentication in your system logon, web applications, SSL VPNs, firewalls and many more. A detailed audit log gives you full control of what happens when, where (why? ;-) and by whom. A demo site is available at demo.privacyidea.org. -
17
protepad
Small GUI to encrypt/decrypt texts
The tool is useful when you want to encrypt and decrypt texts with password. Encrypted text can be posted online, and can only be decrypted back when correct password is entered. -
18
pwnCheck
Password pwn check.
This program is a graphical user interface for checking pwned passwords, it's writen with python and pyQT4. Program calculates password hash and then searches for matches with first 5 symbols (prefix) in https://api.pwnedpasswords.com, then full hash match is found localy on users PC. -
19
An attempt to send a full flagged MIME based email using open relay mail servers (authentication not required). Written in Python3. Using smtplib and email liabraries TODO: Bruteforce the SMTP authentication. Support TLS.
-
20
A pure python module which implements the DES and Triple-DES encryption algorithms. Triple DES is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key.
-
21
-
22
-
23
-
24
A firewall knocking mechanism that is loosely based on tumbler (tumbler.sourceforge.net) instead it is written in python. A focus of this implementation will be on multiple client implementations (OSX Widget, XP taskbar, etc.)
-
25
pyWhat
Identify emails, IP addresses, and more
pyWhat is a Python-based identification tool designed to figure out “what” a piece of text or file content represents, especially in security and OSINT workflows. Given inputs such as hex strings, URLs, email addresses, IP addresses, credit card numbers, cryptocurrency wallets, or entire .pcap capture files, it scans for structured patterns and tells you what it finds. The tool is recursive: it can traverse files and directories to extract meaningful entities, which is useful when analyzing malware samples, network captures, or code repositories at scale. It offers powerful filters called “tags” and distributions that let you narrow results to specific categories like bug bounties, cryptocurrencies, or AWS-related artifacts. For automation and integration, pyWhat provides a CLI with options for rarity filtering, sorting, and JSON export, as well as an API that can be imported into other Python programs.
