A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Overview
https://travis-ci.org/python-security/pyt.svg?branch=master https://readthedocs.org/projects/pyt/badge/?version=latest

This project is no longer maintained

March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulnerabilities in your Python codebase.

Pyre from Facebook is an amazing project that has a bright future and many smart people working on it. I would suggest, if you don't know that much about program analysis, that you understand how PyT works before diving into Pyre. Along with the README's in most directories, there are the original Master's Thesis and some slides. With that said, I am happy to review pull requests and give you write permissions if you make more than a few.

There were a lot of great contributors to this project, I plan on working on other projects like detect-secrets and others (e.g. Pyre eventually) in the future if you'd like to work together more :)

If you are a security engineer with e.g. a Python codebase without type annotations, that Pyre won't handle, I would suggest you replace your sinks with a secure wrapper (something like defusedxml), and alert off any uses of the standard sink. You can use Bandit to do this since dataflow analysis is not required, but you will have to trim it a lot, due to the high false-positive rate.

Python Taint

Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis)

Features

  • Detect command injection, SSRF, SQL injection, XSS, directory traveral etc.
  • A lot of customisation possible

For a look at recent changes, please see the changelog.

Example usage and output:

https://raw.githubusercontent.com/KevinHock/rtdpyt/master/readme_static_files/pyt_example.png

Install

Before continuing, make sure you have python3.6 or 3.7 installed.

pip install python-taint
✨🍰✨

PyT can also be installed from source. To do so, clone the repo, and then run:

python3 setup.py install

How it Works

Soon you will find a README.rst in every directory in the pyt/ folder, start here.

How to Use

  1. Choose a web framework

The -a option determines which functions will have their arguments tainted, by default it is Flask.

  1. (optional) Customize source and sink information

Use the -t option to specify sources and sinks, by default this file is used.

  1. (optional) Customize which library functions propagate taint

For functions from builtins or libraries, e.g. url_for or os.path.join, use the -m option to specify whether or not they return tainted values given tainted inputs, by default this file is used.

Usage

usage: python -m pyt [-h] [-a ADAPTOR] [-pr PROJECT_ROOT]
                     [-b BASELINE_JSON_FILE] [-j] [-t TRIGGER_WORD_FILE]
                     [-m BLACKBOX_MAPPING_FILE] [-i] [-o OUTPUT_FILE]
                     [--ignore-nosec] [-r] [-x EXCLUDED_PATHS]
                     [--dont-prepend-root] [--no-local-imports]
                     targets [targets ...]

required arguments:
  targets               source file(s) or directory(s) to be scanned

important optional arguments:
  -a ADAPTOR, --adaptor ADAPTOR
                        Choose a web framework adaptor: Flask(Default),
                        Django, Every or Pylons

  -t TRIGGER_WORD_FILE, --trigger-word-file TRIGGER_WORD_FILE
                        Input file with a list of sources and sinks

  -m BLACKBOX_MAPPING_FILE, --blackbox-mapping-file BLACKBOX_MAPPING_FILE
                            Input blackbox mapping file

optional arguments:
  -pr PROJECT_ROOT, --project-root PROJECT_ROOT
                        Add project root, only important when the entry file
                        is not at the root of the project.

  -b BASELINE_JSON_FILE, --baseline BASELINE_JSON_FILE
                        Path of a baseline report to compare against (only
                        JSON-formatted files are accepted)

  -j, --json            Prints JSON instead of report.

  -i, --interactive     Will ask you about each blackbox function call in
                        vulnerability chains.

  -o OUTPUT_FILE, --output OUTPUT_FILE
                        Write report to filename

  --ignore-nosec        Do not skip lines with # nosec comments

  -r, --recursive       Find and process files in subdirectories

  -x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS
                        Separate files with commas

  --dont-prepend-root   In project root e.g. /app, imports are not prepended
                        with app.*

  --no-local-imports    If set, absolute imports must be relative to the
                        project root. If not set, modules in the same
                        directory can be imported just by their names.

Usage from Source

Using it like a user python3 -m pyt examples/vulnerable_code/XSS_call.py

Running the tests python3 -m tests

Running an individual test file python3 -m unittest tests.import_test

Running an individual test python3 -m unittest tests.import_test.ImportTest.test_import

Contributions

Join our slack group: https://pyt-dev.slack.com/ - ask for invite: [email protected]

Guidelines

Virtual env setup guide

Create a directory to hold the virtual env and project

mkdir ~/a_folder

cd ~/a_folder

Clone the project into the directory

git clone https://github.com/python-security/pyt.git

Create the virtual environment

python3 -m venv ~/a_folder/

Check that you have the right versions

python3 --version sample output Python 3.6.0

pip --version sample output pip 9.0.1 from /Users/kevinhock/a_folder/lib/python3.6/site-packages (python 3.6)

Change to project directory

cd pyt

In the future, just type source ~/a_folder/bin/activate to start developing.

Comments
  • -r Recursive option

    -r Recursive option

    Issue: #127 There is a few steps for completing this PR. Now we can get all ".py" files in directory and exclude some files with "-x" option.

    cool important 
    opened by omergunal 13
  • Write tests for __main__.py

    Write tests for __main__.py

    As we can see on CodeClimate https://codeclimate.com/github/python-security/pyt/coverage/5935971dbf92ed000102998b there is pretty low test coverage of main, I understand why this is but adding some tests for it would increase our test coverage percentage and 75% isn't satisfying.

    If you have any trouble with this I can help, I am going to label this issue as Easy so new comers see it.

    good first issue 
    opened by KevinHock 9
  • Add readthedocs

    Add readthedocs

    If you look at https://github.com/trailofbits/manticore/blob/master/README.md you can see a nice link at the top to the docs. I'll write the docs once the layout is there, please see https://www.slideshare.net/mobile/JohnCosta/how-to-readthedocs

    (So the [easy] issues are good for new people who want to start contributing to look at.)

    enhancement easy 
    opened by KevinHock 9
  • Add support for sinks introduced with

    Add support for sinks introduced with "from .... import ..."

    Right now sinks seem to be considered during vulnerability analysis only in case of "module scope imports". E.g. vulnerabilities w.r.t. sink subprocess.call( are only detected in case the production code imports module scope wise:

    import subprocess
    
    subprocess.call(
    

    In case the production code introduces the sink via module import the vulnerability won't be detected.

    from subprocess import call
    
    call(
    
    help wanted cool 
    opened by fkromer 8
  • Publish new version

    Publish new version

    Would be great to get a new release published on pypi soon.

    We have over 190 commits added, though I'm not sure of the specific criteria for bumping the version.

    opened by bcaller 8
  • 128: Allow the user to cancel interactive mode

    128: Allow the user to cancel interactive mode

    This should resolve #128. The change is so straight forward and any potential tests would be awkward, so I'm not sure we want to include specific tests for this (there were none before for interactive mode anyway).

    I'm open to suggestions though.

    You can manually test this change by using this sample code:

    import scrypt
    
    
    image_name = request.args.get('image_name')
    if not image_name:
        image_name = 'foo'
    foo = scrypt.outer(image_name) # Any call after ControlFlowNode caused the problem
    foo = scrypt.hash(foo, 'salt')
    foo = scrypt.encrypt(os.urandom(datalength), foo)
    send_file(foo)
    

    Then python -m pyt sample.py -m bb.txt -i. You can see how it does as many as you want until you answer s.

    opened by adrianbn 7
  • Feature Request: Whitelist lines ending in # nosec

    Feature Request: Whitelist lines ending in # nosec

    So both detect-secrets and Bandit have the concept of whitelisting a line by putting a comment at the end, similar to how you've probably seen people do # noqa: F401 or whatever, with pylint.

    Let us steal once again, from Bandit, since they are most similar to us, here are the relevant lines, but we shall change lineno + 1 for to enumerate(lines, start=1) because it is more pythonic.

    They also have the --ignore-nosec do not skip lines with # nosec comments command line optionso we shall pass in the set of lines to the 2 calls tofind_vulnerabilities` in __main__,

    feature request 
    opened by KevinHock 7
  • Can't clone repo on MacOS

    Can't clone repo on MacOS

    Hi!

    For some weird reason when cloning the repo on a mac (tested with 10.11 and 10.13) the file pyt/trigger_definitions/flask_trigger_words.pyt won't be written.

    here's an example:

    } /tmp$ git clone https://github.com/python-security/pyt.git
    Cloning into 'pyt'...
    remote: Counting objects: 5740, done.
    remote: Total 5740 (delta 0), reused 0 (delta 0), pack-reused 5740
    Receiving objects: 100% (5740/5740), 2.62 MiB | 3.75 MiB/s, done.
    Resolving deltas: 100% (3916/3916), done.
    Checking connectivity... done.
    } /tmp$ cd pyt/
    } /tmp/pyt$ git status
    On branch master
    Your branch is up-to-date with 'origin/master'.
    Changes not staged for commit:
      (use "git add/rm <file>..." to update what will be committed)
      (use "git checkout -- <file>..." to discard changes in working directory)
    
    	deleted:    pyt/trigger_definitions/flask_trigger_words.pyt
    
    no changes added to commit (use "git add" and/or "git commit -a")
    

    Even copy pasting the content in a file result in the file not existing. Tried with default terminal, iterm2 and intellij's terminal, all the same so musn't be the terminal.

    Doing some try/fail we suspect that the faulty line is subprocess.call( but doing a hexdump of the file (on a xenial box) doesn't show much...

    root@web1:~/pyt/pyt/trigger_definitions# cat flask_trigger_words.pyt | hexdump -C
    00000000  73 6f 75 72 63 65 73 3a  0a 67 65 74 28 0a 2e 64  |sources:.get(..d|
    00000010  61 74 61 0a 66 6f 72 6d  5b 0a 66 6f 72 6d 28 0a  |ata.form[.form(.|
    00000020  4d 61 72 6b 75 70 28 0a  63 6f 6f 6b 69 65 73 5b  |Markup(.cookies[|
    00000030  0a 66 69 6c 65 73 5b 0a  53 51 4c 41 6c 63 68 65  |.files[.SQLAlche|
    00000040  6d 79 0a 0a 73 69 6e 6b  73 3a 0a 72 65 70 6c 61  |my..sinks:.repla|
    00000050  63 65 28 20 2d 3e 20 65  73 63 61 70 65 0a 73 65  |ce( -> escape.se|
    00000060  6e 64 5f 66 69 6c 65 28  20 2d 3e 20 27 2e 2e 27  |nd_file( -> '..'|
    00000070  2c 20 27 2e 2e 27 20 69  6e 0a 65 78 65 63 75 74  |, '..' in.execut|
    00000080  65 28 0a 73 79 73 74 65  6d 28 0a 66 69 6c 74 65  |e(.system(.filte|
    00000090  72 28 0a 73 75 62 70 72  6f 63 65 73 73 2e 63 61  |r(.subprocess.ca|
    000000a0  6c 6c 28 0a 72 65 6e 64  65 72 5f 74 65 6d 70 6c  |ll(.render_templ|
    000000b0  61 74 65 28 0a 73 65 74  5f 63 6f 6f 6b 69 65 28  |ate(.set_cookie(|
    000000c0  0a 72 65 64 69 72 65 63  74 28 0a 75 72 6c 5f 66  |.redirect(.url_f|
    000000d0  6f 72 28 0a 66 6c 61 73  68 28 0a 6a 73 6f 6e 69  |or(.flash(.jsoni|
    000000e0  66 79 28                                          |fy(|
    000000e3
    

    The result of this is the tool can't seem to run on mac since this file is not available, fails with

    Traceback (most recent call last):
      File ".../bin/pyt", line 11, in <module>
        load_entry_point('pyt==1.0.0a20', 'console_scripts', 'pyt')()
      File ".../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/__main__.py", line 247, in main
        args.trim_reassigned_in)
      File ".../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/vulnerabilities.py", line 394, in find_vulnerabilities
        definitions = parse(trigger_word_file)
      File ".../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/trigger_definitions_parser.py", line 48, in parse
        with open(trigger_word_file, 'r') as fd:
    FileNotFoundError: [Errno 2] No such file or directory: '.../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/trigger_definitions/flask_trigger_words.pyt'
    

    Does that ring any bell?

    opened by lindycoder 7
  • (Not an issue right now) Handle multiple returns

    (Not an issue right now) Handle multiple returns

    ~~I'll try to work on this relatively soon, but~~ to think out loud..

    In interprocedural_cfg.py, we have

    def return_handler(self, node, function_nodes):
        """Handle the return from a function during a function call."""
        call_node = None
        for n in function_nodes:
            if isinstance(n, ConnectToExitNode):
                LHS = CALL_IDENTIFIER + 'call_' + str(self.function_index)
                previous_node = self.nodes[-1]
                if not call_node:
                    RHS = 'ret_' + get_call_names_as_string(node.func)
                    r = RestoreNode(LHS + ' = ' + RHS, LHS, [RHS],
                                    line_number=node.lineno,
                                    path=self.filenames[-1])
                    call_node = self.append_node(r)
                    previous_node.connect(call_node)
            else:
                # lave rigtig kobling
                pass
    

    which cleaned is

    def return_handler(self, call_node, function_nodes):
        """Handle the return from a function during a function call.
    
        Args:
            call_node(ast.Call) : The node that calls the definition.
            function_nodes(list[Node]): List of nodes of the function being called.
        """
        for node in function_nodes:
            # Only Return's and Raise's can be of type ConnectToExitNode
            if isinstance(node, ConnectToExitNode):                
                # Create e.g. ¤call_1 = ret_func_foo RestoreNode
                LHS = CALL_IDENTIFIER + 'call_' + str(self.function_call_index)
                RHS = 'ret_' + get_call_names_as_string(call_node.func)
                return_node = RestoreNode(LHS + ' = ' + RHS,
                                          LHS,
                                          [RHS],
                                          line_number=call_node.lineno,
                                          path=self.filenames[-1])
                self.nodes[-1].connect(return_node)
                self.nodes.append(return_node)
                return 
    

    Firstly, the for loop and the if statement seem to just serve the purpose of "Is there a node of type Return or Raise in the function?" But I think all functions should have at least one return node, right? I'm not sure if I understand the original intention that well e.g. what was going to be in the else?

    Secondly, here is an example to illustrate the problem/need to handle multiple returns:

    TODO

    difficult 
    opened by KevinHock 7
  • Implement -r recursive option

    Implement -r recursive option

    So let us steal, once again (a 3rd, or 4th time), from Bandit.

    https://github.com/openstack/bandit/blob/master/bandit/cli/main.py#L157-L160

    https://github.com/openstack/bandit/blob/8f09d8b208f037b7d49ed6bc88f2ac200e7cc06c/bandit/core/manager.py#L171-L219

    This will enable a user to just give -r /path/to/files instead of -f file one at a time.

    This is less straightforward, you should also add

        parser.add_argument(
            'targets', metavar='targets', type=str, nargs='*',
            help='source file(s) or directory(s) to be tested'
        )
    
        parser.add_argument(
            '-x', '--exclude', dest='excluded_paths', action='store',
            default='', help='comma-separated list of paths to exclude from scan '
                             '(note that these are in addition to the excluded '
                             'paths provided in the config file)'
        )
    

    too.

    This will help us out a great deal, as I'm working on documentation, and then after docs I'll return to the CFG work (the expr_star_handler stuff). So without you I wouldn't work on this for a while.

    cool 
    opened by KevinHock 6
  • Tags: 'final' and 'finalfinal'

    Tags: 'final' and 'finalfinal'

    Hi team,

    Thanks for your project. We added Pyt to our security tools section. While reviewing we noticed we could only extract tags from the GitHub repo, as no releases are used. Now tags are sorted by alphabet, meaning that the tagged version 'finalfinal' always is listed as the highest release number. Not sure if it is possible, but you could re-tag it 'final' and 'finalfinal'. Then the community can pick up future released and promote your project. Otherwise, it gets stuck on a very old version ;-)

    opened by mboelen 6
  • args is empty in BBorBInode when CFG generated

    args is empty in BBorBInode when CFG generated

    Excuse me, why is there no argument in the variable args in the picture below? image cmd_result = subprocess.Popen(cmd,shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.DEVNULL).stdout.read() Sorry, I'm not a native speaker. I hope I'm making myself clear

    opened by megapyroblast 0
  • pyt usually picks the wrong encoding to load files

    pyt usually picks the wrong encoding to load files

    Traceback (most recent call last):
      File "c:\users\matth\appdata\local\programs\python\python38\lib\runpy.py", line 193, in _run_module_as_main
        return _run_code(code, main_globals, None,
      File "c:\users\matth\appdata\local\programs\python\python38\lib\runpy.py", line 86, in _run_code
        exec(code, run_globals)
      File "C:\Users\matth\.local\bin\pyt.exe\__main__.py", line 7, in <module>
      File "c:\users\matth\.local\pipx\venvs\python-taint\lib\site-packages\pyt\__main__.py", line 92, in main
        nosec_lines[path] = retrieve_nosec_lines(path)
      File "c:\users\matth\.local\pipx\venvs\python-taint\lib\site-packages\pyt\__main__.py", line 57, in retrieve_nosec_lines
        lines = file.readlines()
      File "c:\users\matth\appdata\local\programs\python\python38\lib\encodings\cp1252.py", line 23, in decode
        return codecs.charmap_decode(input,self.errors,decoding_table)[0]
    UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 2105: character maps to <undefined>
    

    sometimes this helps

    export PYTHONIOENCODING=utf-8
    export LC_ALL=en_US.UTF-8
    export LANG=en_US.UTF-8
    

    but today it didn't so I'm about ready to stop using pyt... I'm somewhat worried I've been using it wrong for a few years because of the various tools I use, pyt never complained about anything, (i.e. found no vulnerabilities or bugs, neither positive or false)

    If anyone ever takes over this project, then all the file open() calls should either specify utf-8 (a better "guess") or use chardet to make a really good guess.

    opened by matthewdeanmartin 1
  • docs: fix simple typo, traveral -> traversal

    docs: fix simple typo, traveral -> traversal

    There is a small typo in README.rst.

    Should read traversal rather than traveral.

    Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

    opened by timgates42 0
  • Fails on Python 3.9.0

    Fails on Python 3.9.0

    Looks like pyt took a dependency on a private attribute that has disappeared. Yes. I saw the tool is no longer maintained, but it used to at least run on 3.8.x

    Traceback (most recent call last):
      File "/root/.local/bin/pyt", line 8, in <module>
        sys.exit(main())
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/__main__.py", line 101, in main
        cfg = make_cfg(
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/make_cfg.py", line 36, in make_cfg
        visitor = ExprVisitor(
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/expr_visitor.py", line 69, in __init__
        self.init_cfg(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/expr_visitor.py", line 76, in init_cfg
        module_statements = self.visit(node)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 67, in visit_Module
        return self.stmt_star_handler(node.body)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 88, in stmt_star_handler
        node = self.visit(stmt)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 1069, in visit_ImportFrom
        return self.add_module(
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 807, in add_module
        self.visit(tree)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 67, in visit_Module
        return self.stmt_star_handler(node.body)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 88, in stmt_star_handler
        node = self.visit(stmt)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 460, in visit_Assign
        label.visit(node)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 56, in visit_Assign
        self.visit(node.value)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 334, in visit_IfExp
        self.visit(node.orelse)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 173, in visit_Subscript
        self.slicev(node.slice)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 190, in slicev
        self.visit(node.value)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/usr/local/lib/python3.9/ast.py", line 411, in generic_visit
        for field, value in iter_fields(node):
      File "/usr/local/lib/python3.9/ast.py", line 249, in iter_fields
        for field in node._fields:
    AttributeError: 'str' object has no attribute '_fields'
    
    opened by matthewdeanmartin 7
  • How to handle callbacks

    How to handle callbacks

    Hi, I am trying pyt to work through callbacks. It taints the function arguments but not callbacks. If anyone has any idea about this , please let me know.

    opened by sabazahra 2
Owner
null
Safety checks your installed dependencies for known security vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but

pyup.io 1.4k Dec 30, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

AnonyminHack5 12 Dec 2, 2022
A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

Black Hat Ethical Hacking 5 Aug 9, 2022
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

null 11 Apr 2, 2022
A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

James 41 Dec 30, 2022
Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Frank 3 Feb 7, 2022
Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

null 52 Dec 17, 2022
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

EntySec 118 Dec 24, 2022
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

Christopher Roberts 3 Nov 16, 2021
WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

null 3 Feb 20, 2022
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo Hanžek 1 Jan 14, 2022
Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.

RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T

Microsoft 823 Dec 21, 2022
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

Abhinav Pathak 5 May 18, 2022
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

null 39 Dec 16, 2022
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly identify the weakness.

null 136 Dec 13, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

?? Recon ?? The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022