Skip to content
Switch branches/tags
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

A curated list of awesome Python security related resources.


List inspired by the awesome list thing.

Supported by:



Web Framework Hardening

  • - πŸ”’ is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
  • Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
  • Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
  • Django Session CSRF - CSRF protection for Django without cookies.

Multi tools

  • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Hubble - Hubble is a modular, open-source security compliance framework.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Static Code Analysis

  • Bandit - Bandit is a tool designed to find common security issues in Python code.
  • Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
  • Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.

Vulnerabilities and Security Advisories

Penetration Testing

  • EvilTwinFramework - A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
  • sqlmap - Automatic SQL injection and database takeover tool


  • Passlib - Secure password storage/hashing library, very high level.
  • PyNacl - Python binding to the Networking and Cryptography (NaCl) library.

Application Templates


Hacking Playground

  • Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
  • django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
  • DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
  • DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.

Articles, Guides & Talks

  • cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
  • 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
  • OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
  • Django Security - Overview of Django’s security features includes advice on securing a Django-powered site.


  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.


Reporting Bugs


Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!

say hi on Twitter