PyRank

Appsec Python Packages

Python packages with the GitHub topic appsec. Sorted by relevance, with stars and monthly downloads.
Kylmakalle
devicecheck

Reduce fraudulent use of your services by managing device state and asserting app integrity via Apple DeviceCheck API with this Python wrapper.

1M 34 5
ajinabraham
libsast

Generic SAST Library

352K 136 22
MobSF
mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

161K 754 121
ajinabraham
njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

150K 426 103
duriantaco
ca9

Open source Python CVE reachability analysis for evidence-backed SCA triage. Turn Snyk, Dependabot, Trivy, pip-audit, and OSV alerts into fix, suppress, or investigate decisions.

69K 5 0
maurosoria
dirsearch

Web path scanner

24K 14K 2K
infamousjoeg
pyaim

@CyberArk Application Access Manager Client Library for Python 3

9K 28 6
lucashgrifoni
oss-policy-kit

Policy-as-code starter kit for OSS repository governance and CI/CD hygiene across GitHub, Azure, and AWS.

6K 3 1
salecharohit
semhound

Scan every repository across your GitHub organisations using Semgrep rules, with optional AI triage (Claude · Gemini · GPT · Bedrock)

5K 7 1
openziti
openziti

Ziti SDK for Python

5K 95 8
squid-protocol
gitgalaxy

An AST-free, LLM-free heuristic knowledge graph engine for deep repository intelligence. Map, secure, and modernize enterprise codebases across 50+ languages at extreme velocity

4K 27 0
infobyte
faradaysec

Open Source Vulnerability Management Platform

4K 6K 1K
nocomplexity
codeaudit

Codeaudit - Modern Python source code security analyzer based on distrust.

3K 40 1
F5-Labs
cryptonice

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.

2K 101 22
IncludeSecurity
safeurl-python

Python implementation of SafeURL (Anti-SSRF Lib)

2K 11 4
hupe1980
cdktg

Agile Threat Modeling as Code

1K 13 2
AliAmmar15
velonus

AI-native security copilot for Python developers. Scans for secrets, vulnerabilities, and dependency CVEs — then tells you how to fix them.

1K 32 2
Jitesh17
secscan-tool

Automated web security scanner with HTML/Markdown/JSON reports and AI-tailored remediation

935 1 1
bluerock-io
bluerock-oss

Rust DSO backend for BlueRock — handles NDJSON event writing for the bluerock Python sensor

850 29 5
FrancescoStabile
numasec

The AI Agent for Cyber Security.

813 360 45
manthanghasadiya
mcpsec

An AI-driven dynamic protocol fuzzer for the Model Context Protocol (MCP). Prove runtime exploitability by discovering state violations, transport crashes, and application-layer logic flaws (SSRF, LFI) before your AI agents do.

737 22 3
AppThreat
joern-lib

Python library for code analysis with CPG and Joern

522 25 1
mazen160
llmquery

Powerful LLM Query Framework with YAML Prompt Templates. Made for Automation

504 34 2
EPTLLC
brs-xss

Context-aware async XSS scanner powered by BRS-KB

485 34 5