Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis) Detect command injection, SSRF, SQL injection, XSS, directory traveral etc. A lot of customization is possible. For functions from builtins or libraries, e.g. url_for or os.path.join, use the -m option to specify whether or not they return tainted values given tainted inputs, by default this file is used.
Features
- Virtual env setup guide
- Detect command injection, SSRF, SQL injection, XSS, directory traveral etc.
- A lot of customization possible
- A Static Analysis Tool for Detecting Security Vulnerabilities
- Detect vulnerabilities in Python Web Applications
- Static analysis of Python web applications based on theoretical foundations
License
GNU General Public License version 3.0 (GPLv3)Follow Python Taint
You Might Also Like
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of Python Taint!