Open Source Python Security Software

mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB's default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called the MongoDB apocalypse. mongoaudit not only detects misconfigurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! MongoDB listens on a port different to default one. Server only accepts connections from whitelisted hosts / networks. MongoDB HTTP status interface is not accessible on port 28017. MongoDB is not exposing its version number. MongoDB version is newer than 2.4. TLS/SSL encryption is enabled. Authentication is enabled. SCRAM-SHA-1 authentication method is enabled.

Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

FLAG was designed to simplify the process of log file analysis and forensic investigations. FLAG facilitates efficient analysis of large quantities of data within an interactive environment. PyFlag is the reimplementation of FLAG in Python.

The csvdatamix project aims to randomize CSV input data files in order to conceal the original state of the data. Similar to data masking or data transformation. Also has mapping abilities to translate back to the original state of the data.

ConDEnSE (Confidential Data Enabled Statistical Exploration) will be a web-based environment for statistical analysis of confidential data from various database sources, based on Plone and R, and using the Jackknife method of confidentiality protection.

Applicativo per il supporto alla stesura del Documento Programmatico sulla Sicurezza (DPS) ai sensi del D.leg.196 del 30/06/2003.Permette la raccolta dei dati rilevanti e la produzione degli allegati del suddetto documento. dpshelper@gmail.com

A Python/Gtk application to manage groups of users stored in an LDAP database, using data from X509 certificates imported from files or LDAP servers maintained by certificate authorities. These groups are used to create grid-map files used by the Globus

Download code, Learn code, Share code. The Ongoing Object-oriented Perl Project. scripts, tutorials, modules, case studies, anything OOPerl --not excluding contributions of OO discipline in other programming languages.

Libdejector is a database tool which defeats SQL injection attacks by performing context-free validation of queries. While written in C, SWIG wrappers exist for Python and other languages will be following soon.

Securely store unstructured data in (keyword, record) pairs. Both keywords and record data are encrypted. Ideal for storing passwords, account information, etc. Thus, srd is a general-purpose password vault or a secure rolodesk application.

system is designed to control staff access to production databases, as well as taking into account their passage of time.