Python Security

Open-source Python projects categorized as Security

Top 23 Python Security Projects

  1. PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Irish-Name-Repo 2 - picoCTF '19 (web) | dev.to | 2025-09-06

    If you've never worked on SQL injection, that's fine: there is a PWNSOME REPOSITORY (get it? pwn + awesome) called Payload All The Things (https://github.com/swisskyrepo/PayloadsAllTheThings). It has different payloads for different web vulnerabilities.

  3. mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: Overcoming Geo-Blocked Feature Testing with Zero-Budget DevOps Strategies | dev.to | 2026-02-03

    Leverage open-source proxy tools like mitmproxy or tinyproxy, which allow you to intercept and modify HTTP requests and responses in real-time. By configuring these, you can simulate different geo conditions:

  4. quivr

    Opinionated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Anyway you want.

  5. SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: 🛡️ Examining the Database in SQL Injection Attacks | dev.to | 2025-06-14

    SQLMap Project

  6. CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: CSRF Protection Without Tokens or Hidden Form Fields | news.ycombinator.com | 2025-12-22

    Again, the maintainer eventually came around.

    Our confusion might be due to the fact that an erroneous PR (by seemingly an AI-wielding student...) was somehow recently accepted that completely reverted the changes we collectively worked on, which effectively made Fetch Metadata a full solution. So, it is back to showing as defense in depth. I've raised an issue about it, which wouldn't have happened if I didn't see your article!

    Here's the previous language:

    > If your software targets only modern browsers, you may rely on [Fetch Metadata headers](#fetch-metadata-headers) together with the fallback options described below to block cross-site state-changing requests

    We then detailed some fallbacks (e.g. Origin header). Full text can be viewed in the original PR

    https://github.com/OWASP/CheatSheetSeries/pull/1875

    or

    https://github.com/OWASP/CheatSheetSeries/blob/7fc3e6b8fde65...

  7. algo

    Set up a personal VPN in the cloud

    Project mention: AlgoVPN 2.0 Release | news.ycombinator.com | 2025-08-23
  8. hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: When internal hostnames are leaked to the clown | news.ycombinator.com | 2026-02-04
  10. macOS-Security-and-Privacy-Guide

    Community guide to securing and improving privacy on macOS.

  11. DB-GPT

    AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents

    Project mention: Launch HN: Gecko Security (YC F24) – AI That Finds Vulnerabilities in Code | news.ycombinator.com | 2025-08-01

    Yes, that's exactly what we do. Some examples: https://github.com/eosphoros-ai/DB-GPT/pull/2650, https://github.com/dagster-io/dagster/pull/30002

    We just need to follow responsible disclosure first by notifying the maintainers, working with them on a fix, and making it public once it is resolved.

  12. Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    Project mention: Fail2ban RCE | news.ycombinator.com | 2025-11-26

    Relevant discussion: https://github.com/fail2ban/fail2ban/issues/4110

    Looks like a slop report that somehow made its way into the CVE database.

  13. wifiphisher

    The Rogue Access Point Framework

  14. dirsearch

    Web path scanner

  15. prowler

    Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

    Project mention: Budget Friendly ISO27001/SOC2 Compliant Environments for AWS | dev.to | 2026-03-04

    Fortunately, compliance evidence gathering has been automated with countless tools and services. Open-source tools such as Prowler, CISO Assistant or vendors such as Scrut Automation, Sprinto or Vanta have made evidence collection highly accessible.

  16. routersploit

    Exploitation Framework for Embedded Devices

  17. opensnitch

    OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

    Project mention: Gnome calculator pings the International Monetary Fund website | news.ycombinator.com | 2026-01-05
  18. urh

    Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

    Project mention: I hacked Sonoff RF Bridge to control my ceiling fan lights | dev.to | 2025-10-20

    Plug the SDR into your laptop and install Universal Radio Hacker (URH) software. Get your ceiling fan light remote control ready and record the RF signal with URH. Usually, the RF frequency is 433.92M.

  19. mvt

    MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

    Project mention: Conducting forensics of mobile devices to find signs of a potential compromise | news.ycombinator.com | 2025-03-16
  20. scapy

    Scapy: the Python-based interactive packet manipulation program & library.

    Project mention: Network Scanning with Python: ARP, Port, and DNS Scanner | dev.to | 2025-10-18

    Network security and reconnaissance are essential skills for cybersecurity professionals. In this blog post, we will build a Python-based network scanner that performs ARP scanning, port scanning, and DNS resolution using the scapy, socket, dns.resolver, and threading libraries. We will also use rich for better console output.

  21. sigma

    Main Sigma Rule Repository

    Project mention: Building a Sigma Rule Engine in TypeScript: Detection-as-Code for Log Analysis | dev.to | 2025-12-03

    Sigma is like "Snort rules for logs." It's a generic signature format that describes suspicious activity in a platform-agnostic way.

  22. BunkerWeb

    🛡️ Open-source and next-generation Web Application Firewall (WAF)

    Project mention: Show HN: BunkerWeb – open-source and cloud-native WAF/WAAP | news.ycombinator.com | 2026-01-12
  23. frappe

    Low code web framework for real world applications, in Python and Javascript

    Project mention: Kan.bn – An open-source alternative to Trello | news.ycombinator.com | 2025-06-02
  24. objection

    📱 objection - runtime mobile exploration

    Project mention: Wanted to spy on my dog, ended up spying on TP-Link | news.ycombinator.com | 2025-09-15
  25. Mailpile

    A free & open modern, fast email client with user-friendly encryption and privacy features

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python Security related posts

  • GitGuardian MCP: Secret Scanning as a Hard Merge Gate for AI-Generated Code

    2 projects | dev.to | 10 Mar 2026
  • Secret-time-machine: scan your Git history for secrets you deleted years ago

    2 projects | news.ycombinator.com | 9 Mar 2026
  • 39 CVEs in WebGoat. Only 36 Were Reachable.

    2 projects | dev.to | 9 Mar 2026
  • Security Scanner for Agent Skills

    1 project | news.ycombinator.com | 6 Mar 2026
  • AI Writes Code. Where Is the Proof?

    2 projects | dev.to | 5 Mar 2026
  • Ask HN: Maintainers, do LLM-only users often clutter your issues/PRs?

    2 projects | news.ycombinator.com | 4 Mar 2026
  • Show HN: WP-Hunter, WP recon and SAST tool (building Agentic AI pipeline)

    1 project | news.ycombinator.com | 26 Feb 2026

Index

What are some of the best open-source Security projects in Python? This list will help you:

# Project Stars
1 PayloadsAllTheThings 75,841
2 mitmproxy 42,531
3 quivr 38,984
4 SQLMap 36,767
5 CheatSheetSeries 31,507
6 algo 30,327
7 hosts 29,949
8 macOS-Security-and-Privacy-Guide 22,474
9 DB-GPT 18,223
10 Fail2Ban 17,116
11 wifiphisher 14,388
12 dirsearch 14,052
13 prowler 13,182
14 routersploit 13,012
15 opensnitch 12,950
16 urh 12,264
17 mvt 12,206
18 scapy 12,095
19 sigma 10,174
20 BunkerWeb 10,110
21 frappe 9,770
22 objection 8,925
23 Mailpile 8,849
