Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Overview

Security-TXT

Security-TXT is a simple security.txt library.

>> sec.contact ['https://hackerone.com/adobe', 'mailto:[email protected]'] >>> sec.signature 'iQIzBAEBCAAdFiEEqvs1Pw7pNc/gvcvRX9Oj3XV3pEYFAmEBhSgACgk...' >>> sec.expired False">
>>> from securitytxt import SecurityTXT
>>> sec = SecurityTXT.from_url("adobe.com")
>>> sec.contact
['https://hackerone.com/adobe', 'mailto:[email protected]']
>>> sec.signature
'iQIzBAEBCAAdFiEEqvs1Pw7pNc/gvcvRX9Oj3XV3pEYFAmEBhSgACgk...'
>>> sec.expired
False

Security-TXT allows you to easily retrieve, parse and manipulate security.txt files. It tries to follow the latest draft RFC as closely as possible, while it still parses security.txt files that contain minor mistakes. The package is well-documented, thereby easy to use in combination with pydoc:

Installation

Security-TXT is not yet available on PyPI. I am currently working on this. The package has only been tested with Python 3.6.8+

Supported Features & Best–Practices

The package has been build to support easy and automated retrieval and parsing of security.txt files. Therefore, features include:

  • Automated searching for security.txt files on specified host.
  • Signature parsing for signed files.
  • Allows for parsing unknown fields and comments that are present in security.txt file.
  • Automated validity tests for parsed security.txt files.
  • Every class and function is fully documented.

Soon to be implemented:

  • fail_silently: if a file format is invalid, it continues parsing the rest of the line instead of raising an error.
You might also like...
Course: Information Security with Python

Curso: Segurança da Informação com Python Curso realizado atravès da Plataforma da Digital Innovation One Prof: Bruno Dias Conteúdo: Introdução aos co

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is strong enough to prevent unauthorized users from memorizing it.

Safety checks your installed dependencies for known security vulnerabilities
Safety checks your installed dependencies for known security vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but

HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

Tools to make working the Arch Linux Security Tracker easier

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO
Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO

wtf-CTF_Writeups Table of Contents Table of Contents Crypto Misc Reverse Pwn Web Crypto wtf_Bot Author: Madjelly Join the discord server!You know how

Comments
  • Certificate issues are hidden away

    Certificate issues are hidden away

    I am currently trying to use this library for checking and parsing my security.txt file with the URL-based example from the README.

    While there are no issues with regular certificates, local testing with a self-signed one just raises a FileNotFoundError without further explanation (my local server setup is configured as HTTPS-only):

    from security import SecurityTXT
    
    result = SecurityTXT.from_url('https://local-device/')
    

    The reason is that the requests library does not support self-signed certificates by default.

    Is there any chance of increasing the verbosity, for example by some logging? The culprit seems to be securitytxt.parsers.url_parser.URLParser._parse_file_url, where the following message might be useful for debugging:

    HTTPSConnectionPool(host='local-device', port=443): Max retries exceeded with url: /.well-known/security.txt (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

    bug enhancement 
    opened by stefan6419846 2
Owner
Frank
Frank
A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

James 41 Dec 30, 2022
Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

null 52 Dec 17, 2022
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

Abhinav Pathak 5 May 18, 2022
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Introduction evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. It can process a high numbe

NVISO 116 Dec 29, 2022
An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

RonnieColemanYARAParser This script is named after Ronnie Coleman, and peforms bulk lifts on arbitary file features using YARA console logging. Requir

Steve 20 Dec 13, 2022
labsecurity is a framework and its use is for ethical hacking and computer security

labsecurity labsecurity is a framework and its use is for ethical hacking and computer security. Warning This tool is only for educational purpose. If

Dylan Meca 16 Dec 8, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
Bandit is a tool designed to find common security issues in Python code.

A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba

Python Code Quality Authority 4.8k Dec 31, 2022
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

null 2.1k Dec 25, 2022