Python
Explore 130 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
A reverse engineering framework with a focus on usability and code cleanliness
A reverse engineering framework with a focus on usability and code cleanliness
A Python library for working with network protocols
A tool for bruteforcing subdomains of a given domain
A tool to declutter URL lists for crawling and pentesting
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
A conference featuring talks and workshops on various Python-related topics.
A conference featuring talks and workshops on various Python-related topics.
NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.
NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.
IronBee is an open source project building a universal web application security sensor.
IronBee is an open source project building a universal web application security sensor.
Dynamic binary analysis library with various analysis and emulation capabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
Tool for parsing Android logs events and protobuf data
Tool for parsing Android logs events and protobuf data
A Scriptable Android Debugger for reverse engineers and developers.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Django based web application for network traffic analysis with protocol handling capabilities.
Django based web application for network traffic analysis with protocol handling capabilities.
Modular Threat Hunting Tool & Framework
A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
Unofficial Python API for searching, browsing, and downloading Android apps from Google Play.
Unofficial Python API for searching, browsing, and downloading Android apps from Google Play.
Incident response framework focused on remote live forensics
Incident response framework focused on remote live forensics
A semi-automatic tool to generate YARA rules from virus samples.
A semi-automatic tool to generate YARA rules from virus samples.
Python framework for building and utilizing interfaces to transfer data between frameworks with a focus on Command and Control frameworks.
Python framework for building and utilizing interfaces to transfer data between frameworks with a focus on Command and Control frameworks.
A free book providing design and implementation guidelines for writing secure programs in various languages.
A free book providing design and implementation guidelines for writing secure programs in various languages.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
ISF (Industrial Exploitation Framework) - An exploitation framework for industrial systems with various ICS protocol clients and exploit modules.
ISF (Industrial Exploitation Framework) - An exploitation framework for industrial systems with various ICS protocol clients and exploit modules.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
Modular honeypot based on Python with support for Siemens S7 protocol.
A tool for scraping CTF writeups from ctftime.org and organizing them for easy access.
A tool for scraping CTF writeups from ctftime.org and organizing them for easy access.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up virtual environment, installing pip requirements, running SIREN, setting up Snort on Pi, and MySQL setup.
Python script to parse the NTFS USN Change Journal.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
TANNER is a remote data analysis service that evaluates HTTP requests and generates responses for SNARE honeypots while emulating application vulnerabilities.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
A suite of secret scanners built in Rust for performance.
A Python script to check system compliance against CIS Benchmarks with customizable options.
A Python script to check system compliance against CIS Benchmarks with customizable options.
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
A program to extract IOCs from text files using regular expressions
A program to extract IOCs from text files using regular expressions
Python tool for remote memory acquisition
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
A Python-based tool for detecting XSS vulnerabilities
Python module for fast packet parsing with TCP/IP protocol definitions.
A Python web application honeypot that provides simple statistics for the Glastopf.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
A cybersecurity tool for managing data points and cyber threat indicators with a focus on neo4j data traversal.
A cybersecurity tool for managing data points and cyber threat indicators with a focus on neo4j data traversal.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
CTF toolkit for rapid exploit development and prototyping.
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
A Security Information and Event Management (SIEM) system with a focus on security and minimalism.
A Python-based educational network hacking toolkit that implements various attack techniques including ARP poisoning, DHCP attacks, subdomain enumeration, and web technology identification.
A Python-based educational network hacking toolkit that implements various attack techniques including ARP poisoning, DHCP attacks, subdomain enumeration, and web technology identification.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
Parse YARA rules into a dictionary representation.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
An exploitation framework for industrial security with modules for controlling PLCs and scanning devices.
An exploitation framework for industrial security with modules for controlling PLCs and scanning devices.
Docker security audit tool with custom audit profiles and JSON report generation based on CIS Docker 1.6 Benchmark.
Docker security audit tool with custom audit profiles and JSON report generation based on CIS Docker 1.6 Benchmark.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A scalable python framework for security research and development teams.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
A robust Python implementation of TAXII Services with a friendly pythonic API.
A robust Python implementation of TAXII Services with a friendly pythonic API.
Python-based client for IBM XForce Exchange with an improved version available.
Python-based client for IBM XForce Exchange with an improved version available.
Python script to parse macOS MRU plist files into human-friendly format
Python script to parse macOS MRU plist files into human-friendly format
A Python script for creating a cohesive and up-to-date penetration testing framework.
A Python script for creating a cohesive and up-to-date penetration testing framework.
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Proof-of-concept implementation of TAXII services for developers and non-developers.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
Interactive computational environment for code execution, text, and media combination.
Interactive computational environment for code execution, text, and media combination.
An open-source intelligence collection, research, and artifact management tool inspired by SpiderFoot, Harpoon, and DataSploit.
An open-source intelligence collection, research, and artifact management tool inspired by SpiderFoot, Harpoon, and DataSploit.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
A modular malware collection and processing framework with support for various threat intelligence feeds.
A modular malware collection and processing framework with support for various threat intelligence feeds.
A native Python cross-version decompiler and fragment decompiler.
OCyara performs OCR on image files and scans them for matches to Yara rules, supporting Debian-based Linux distros.
OCyara performs OCR on image files and scans them for matches to Yara rules, supporting Debian-based Linux distros.
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
Collect various intelligence sources for hosts in CSV format.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NETs DLR.
Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NETs DLR.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
Python wrapper for the Libemu library for analyzing shellcode.
A cybersecurity incident management platform for tracking and reporting incidents with agility and speed.
A cybersecurity incident management platform for tracking and reporting incidents with agility and speed.
Open source Python library for NTFS analysis
Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.
Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.
A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.
A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.
Collection of Python scripts for automating tasks and enhancing IDA Pro functionality
Collection of Python scripts for automating tasks and enhancing IDA Pro functionality
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
Python-based web server framework for setting up fake web servers and services with precise data responses.
Python-based web server framework for setting up fake web servers and services with precise data responses.
A module-based AWS response tool for incident response in AWS environments.
A module-based AWS response tool for incident response in AWS environments.
Honeypot for analyzing data with customizable services and logging capabilities.
Honeypot for analyzing data with customizable services and logging capabilities.
Interactive incremental disassembler with data/control flow analysis capabilities.
Interactive incremental disassembler with data/control flow analysis capabilities.
An open-source Python software for creating honeypots and honeynets securely.
An open-source Python software for creating honeypots and honeynets securely.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
An observation camera honeypot for proof-of-concept purposes
A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.
Tool for exploiting Sixnet RTUs to gain root level access with little effort.
Tool for exploiting Sixnet RTUs to gain root level access with little effort.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Repository for IBM SOAR Apps source-code and development resources.
Repository for IBM SOAR Apps source-code and development resources.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
hpfeeds is a lightweight authenticated publish-subscribe protocol with Python 3 compatible broker and client.
A post-exploitation tool for Azure Active Directory and Office 365 environments that manages access tokens and provides interactive access to Microsoft 365 services.
A post-exploitation tool for Azure Active Directory and Office 365 environments that manages access tokens and provides interactive access to Microsoft 365 services.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Python package for fanging and defanging indicators of compromise in text.
Python package for fanging and defanging indicators of compromise in text.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
jimi is an orchestration automation tool for multi-team collaboration and automation in IT/Security operations, Development, and CI/CD pipelines.
jimi is an orchestration automation tool for multi-team collaboration and automation in IT/Security operations, Development, and CI/CD pipelines.
A Python library to interface with a cuckoo-modified instance.
A Python library to interface with a cuckoo-modified instance.
Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.
Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.
Python library for building Docker images with advanced features.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
Python tool for monitoring user-select APIs in Android apps using Frida.
Python tool for monitoring user-select APIs in Android apps using Frida.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.
