Web Security Python Packages

secure

Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).

cors

🎯 Fast CORS misconfiguration vulnerabilities scanner

requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

arcis

Inside-the-app security middleware for Node.js, Python, and Go. 20+ attack vectors. One install, three languages, MIT.

mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

githacker

A multiple threads tool to download the `.git` folder and rebuild git repository locally.

corscanner

🎯 Fast CORS misconfiguration vulnerabilities scanner

secautoban

恶意IP全自动封禁平台。支持收集如下安全设备告警：长亭WAF社区版（SafeLine）、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、天融信WAF、科来网络安全分析审计系统、深信服态势感知、启明星辰全网安全态势感知系统。支持如下设备联动封禁：RouterOS、OPNsense、CheckPoint、旁路阻断（无需设备配合）、BGP、奇安信防火墙、天融信防火墙、深信服防火墙。

driftmux

Driftmux is a black-box auditing tool focused on service discovery, classification, and adaptive scan routing.

numasec

The AI Agent for Cyber Security.

pyhtools

Python Hacking Tools (PyHTools) (pht) is a collection of python written hacking tools consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, and reverse_backdoor along with website login bruteforce, scraper, web spider etc. PHT also includes malwares which are undetectable by the antiviruses.

cssinj

A python tools to exploits CSS injection vulnerabilities to exfiltrate sensitive information from web applications.

brs-xss

Context-aware async XSS scanner powered by BRS-KB

surface-audit

Deterministic web security smoke tests for preview, staging, and pre-deploy URLs.

overreacher

A CORS Misconfiguration scanning tool

brs-kb

XSS Knowledge Base — 4900+ Payloads, 169 Contexts, WAF Bypasses, Zero Dependencies

githack

A .git/ folder disclosure exploit

aizawa

The Ninja's Choice for Web Operations

nodriver-proxy-mcp

Unified MCP Server for Web Security — 39 tools for autonomous pentesting

padding-oracle

Threaded padding oracle automation.

spyhunt

SpyHunt v4.0: A comprehensive Network Scanner & Vulnerability Assessment tool. Automate OSINT, Reconnaissance, and Bug Bounty hunting with advanced scanners (XXE, SSRF, SSTI, SQLi) plus Nuclei & Shodan integration. (Fork from @gotr00t0day)

django-gradual-throttle

Django middleware for gradual request throttling with configurable delay strategies

explo

Human and machine readable web vulnerability testing format

clickjacking-poc

A Python package for creating a clickjacking proof of concept (POC).