Open Source Python Security Software - Page 29

Polydish is a polymorphic Internet server capable of accepting pluggable protocols (written in Python or Ruby), and can thereby serve any type of content imaginable. The backend code is a fast, secure, C-based server, employing thread pools and OpenSSL.

privacyIDEA is a management and authentication system for two factor authentication. You can use OTP tokens, OTP cards, SMS, Smartphone Apps to incorparte the second factor. It can even manage SSH keys and supports Offline OTP. The latest version can manage and enroll user certificates. Its modular design makes it easily enhancable. It runs on Linux. Applications and workflows can be connected to privacyIDEA hence enabling two factor authentication in your system logon, web applications, SSL VPNs, firewalls and many more. A detailed audit log gives you full control of what happens when, where (why? ;-) and by whom. A demo site is available at demo.privacyidea.org.

The tool is useful when you want to encrypt and decrypt texts with password. Encrypted text can be posted online, and can only be decrypted back when correct password is entered.

This program is a graphical user interface for checking pwned passwords, it's writen with python and pyQT4. Program calculates password hash and then searches for matches with first 5 symbols (prefix) in https://api.pwnedpasswords.com, then full hash match is found localy on users PC.

pwnedOrNot is an open source OSINT tool designed to investigate whether an email address has been compromised in known data breaches and to identify exposed credentials associated with that account. The tool works by interacting with the HaveIBeenPwned (HIBP) API to determine if a given email address appears in breach databases. If the email is found in a breach, the tool proceeds to search for associated passwords within publicly available data dumps. This two-phase approach allows investigators, security professionals, and researchers to assess the exposure level of compromised accounts using publicly accessible breach information. The tool displays useful breach details such as the name of the breach, the affected domain, the breach date, and several status indicators related to the authenticity and status of the breach. pwnedOrNot can also analyze domains to determine whether they have been involved in breaches and can list all breached domains available through the HIBP database.

An attempt to send a full flagged MIME based email using open relay mail servers (authentication not required). Written in Python3. Using smtplib and email liabraries TODO: Bruteforce the SMTP authentication. Support TLS.

pyMoul: Python tools for Myst Online - URU Live (MOUL)

This is a swig-based python wrapper for the OpenPACE library.

A firewall knocking mechanism that is loosely based on tumbler (tumbler.sourceforge.net) instead it is written in python. A focus of this implementation will be on multiple client implementations (OSX Widget, XP taskbar, etc.)

pyWhat is a Python-based identification tool designed to figure out “what” a piece of text or file content represents, especially in security and OSINT workflows. Given inputs such as hex strings, URLs, email addresses, IP addresses, credit card numbers, cryptocurrency wallets, or entire .pcap capture files, it scans for structured patterns and tells you what it finds. The tool is recursive: it can traverse files and directories to extract meaningful entities, which is useful when analyzing malware samples, network captures, or code repositories at scale. It offers powerful filters called “tags” and distributions that let you narrow results to specific categories like bug bounties, cryptocurrencies, or AWS-related artifacts. For automation and integration, pyWhat provides a CLI with options for rarity filtering, sorting, and JSON export, as well as an API that can be imported into other Python programs.

A Python library to provide and automate XMLRPC over a SSH2 encrypted tunnel.

Python module for secure file erase as the DoD 5220.22-M standard

Python extension module to allow access to Aladdin's hasp dongle.

This is a small and simple toolkit that might be useful during steganalysis, it is currently composed by several general purpose command line tools. NOTE: this project has been moved to https://github.com/luca-m/lsb-toolkit

PyMSR is a python script for reading and writing magnetic stripe cards with the MSR206 Reader/Writer from unix.

pySHOT is a session recorder for windows. (soon linux session recorder also) It's a client/server python app using gearman. To use pyshot you must install pyshot-client from https://sourceforge.net/projects/pyshot-client/ on monitored server

PySpy lets Nokia phones S60 series with camera be able to detect motion and send photo via e-mail or mms or simply notify via missed call or sms.

PYSSH (Secure Shell) is a implementation of SSH1 protocol in Python. It provides strong authentication and secure communications over insecure networks.

Python module importer to import from archives. Demonstrates importing modules from AES encrypted zip archives. Experimental status.

A python binding for the iptables tools. The binding allows direction manipulation of the iptables through an object oriented and transaction based manner. The binding removes the need to call iptable on the command line in python applications.

Pytrap is a another Tripwire crap based on pyinotify. So it is event driven and there is no need for scanning every n seconds about changes. A lot of work is to do - but the heading is clear.

qrypto is a project aimed to provide simple, easy to use Blowfish encryption across popular languages for enhanced data security.

A pure Python module that implements client side RADIUS authentication, as defined by RFC2138. This project has moved to GitHub. http://github.com/btimby/py-radius/

reNgine is an automated reconnaissance framework designed to simplify and enhance the process of gathering information about web applications during security assessments. It provides a streamlined workflow for penetration testers, bug bounty hunters, and security teams who need to perform reconnaissance efficiently and at scale. The platform integrates multiple open-source reconnaissance tools into a unified environment with a configurable scanning engine and an intuitive web interface. reNgine focuses on improving traditional reconnaissance workflows by organizing collected data in a database and correlating results to make them easier to analyze. This approach helps security professionals avoid manually searching through scattered files and instead work with structured, searchable reconnaissance data. The framework supports continuous monitoring of targets and can automatically notify users about newly discovered assets or vulnerabilities.

Rishi is a botnet detection software, capable of detecting hosts infected with IRC based bots by passively monitoring network traffic. A webinterface provides additional information to found incidents.