PyPI Stats

Appsec Python Packages

Python packages with the GitHub topic appsec. Sorted by relevance, with stars and monthly downloads.
Kylmakalle
devicecheck

Reduce fraudulent use of your services by managing device state and asserting app integrity via Apple DeviceCheck API with this Python wrapper.

960K 34 5
ajinabraham
libsast

Generic SAST Library

332K 136 22
MobSF
mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

154K 754 121
ajinabraham
njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

134K 425 103
duriantaco
ca9

CVE reachability analysis for Python. Stop fixing vulnerabilities that don't affect you. Static + dynamic analysis to cut SCA noise from Snyk, Dependabot, Trivy, and others.

64K 4 0
maurosoria
dirsearch

Web path scanner

24K 14K 2K
infamousjoeg
pyaim

@CyberArk Application Access Manager Client Library for Python 3

9K 28 6
openziti
openziti

Ziti SDK for Python

5K 94 8
squid-protocol
gitgalaxy

An AST-free, LLM-free heuristic knowledge graph engine for deep repository intelligence. Map, secure, and modernize enterprise codebases across 50+ languages at extreme velocity

5K 22 0
nocomplexity
codeaudit

Codeaudit - Modern Python source code security analyzer based on distrust.

3K 37 1
infobyte
faradaysec

Open Source Collaborative Penetration Test and Vulnerability Management Platform https://www.faradaysec.com

3K 6K 1K
FrancescoStabile
numasec

AI agent for penetration testing. Like Claude Code, but for security. Open source, MCP-native, works with any LLM.

2K 119 17
bluerock-io
bluerock-oss

metamorphic rock which glows blue when activated, sheaths python, MCP & more

2K 2 0
F5-Labs
cryptonice

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.

2K 101 22
manthanghasadiya
mcpsec

An AI-driven dynamic protocol fuzzer for the Model Context Protocol (MCP). Prove runtime exploitability by discovering state violations, transport crashes, and application-layer logic flaws (SSRF, LFI) before your AI agents do.

2K 21 3
IncludeSecurity
safeurl-python

Python implementation of SafeURL (Anti-SSRF Lib)

1K 11 4
dev-ugurkontel
surface-audit

Deterministic security smoke tests for preview, staging, and pre-deploy web URLs.

1K 1 1
hupe1980
cdktg

Agile Threat Modeling as Code

1K 13 2
momenbasel
vulnhawk

AI-powered code security scanner that finds vulnerabilities Semgrep and CodeQL miss

959 45 5
AppThreat
joern-lib

Python library for code analysis with CPG and Joern

952 25 1
bluerock-io
bluerock

metamorphic rock which glows blue when activated, sheaths python, MCP & more

647 2 0
mazen160
llmquery

A package for querying various LLM providers

489 34 2
meddlin
cve-explorer-cli

CLI interface to understand CVEs and their related information

447 0 0
EPTLLC
brs-xss

Context-aware async XSS scanner powered by BRS-KB

411 34 5