Search Packages

secure

Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).

cors

🎯 Fast CORS misconfiguration vulnerabilities scanner

requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

numasec

AI agent for penetration testing. Like Claude Code, but for security. Open source, MCP-native, works with any LLM.

mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

arcis

One-line security middleware for Node.js and Python. XSS, SQLi, SSRF, rate limiting, CORS, security headers

githacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

corscanner

🎯 Fast CORS misconfiguration vulnerabilities scanner

surface-audit

Deterministic security smoke tests for preview, staging, and pre-deploy web URLs.

nodriver-proxy-mcp

Unified MCP Server for Web Security — 39 tools for autonomous pentesting

secautoban

恶意IP全自动封禁平台。支持收集如下安全设备告警：长亭WAF社区版（SafeLine）、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、天融信WAF、科来网络安全分析审计系统、深信服态势感知、启明星辰全网安全态势感知系统。支持如下设备联动封禁：RouterOS、OPNsense、CheckPoint、旁路阻断（无需设备配合）、BGP、奇安信防火墙、天融信防火墙、深信服防火墙。

pyhtools

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

brs-xss

Context-aware async XSS scanner powered by BRS-KB

padding-oracle

Threaded padding oracle automation.

overreacher

A CORS Misconfiguration scanning tool

brs-kb

BRS-KB is XSS Knowledge Base API

spyhunt

A comprehensive network scanning and vulnerability assessment tool designed for security professionals

githack

A .git/ folder disclosure exploit

aizawa

Aizawa is a command-line webshell designed to execute commands through HTTP header

explo

Test web based vulnerabilities from a .yaml file

django-gradual-throttle

🕒 A Django middleware for graceful request throttling with configurable delay strategies (linear, exponential, or custom). Unlike traditional rate limiting that blocks excessive traffic, this package introduces progressive delays to throttle requests smartly and smoothly.

cssinj

CSSINJ is a tool that exploits CSS injection vulnerabilities to exfiltrate sensitive information from web applications. This tool is designed for security professionals to assess the security posture of web applications by demonstrating how CSS can be used to extract data covertly.

clickjacking-poc

A Python package for creating a clickjacking proof of concept (POC).

phantomcollect

Advanced stealth web data collection framework for security