There are many comprehensive online security testing scanners out there, but they may not be able to detect a weakness specific to a platform such as Python or Node.js.
Let’s take a look at a list of scanners for finding security risks in a Python application.
1. PYT (Python Taint)
An open source static analysis tool for detecting command injection, cross-site scripting (XSS), SQL injection, and directory traversal in Python web applications. It works by taint analysis: it follows data from untrusted inputs (such as request parameters) through the code and reports where that data reaches a dangerous function without being sanitized.
If you would like to contribute to PYT, you can join their Slack group.
2. Bandit
Bandit is a free, open source tool for finding common security issues in Python code. It processes each file, builds an abstract syntax tree (AST) from it, runs its test plugins against the AST nodes, and then generates a report of what they found.
You can install it from PyPI with pip.
You can customize which tests run through Bandit’s configuration file. By default every test is run; if you only want to run the ShellInjection profile, use the command below.
bandit samples/*.py -p ShellInjection
You can also filter the report by severity level (low, medium, or high) and by confidence, which makes it practical to triage a large code base starting from the highest-severity findings.
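To make the two approaches above concrete, here is a small checker written for this article; it is not code from PyT or Bandit. Like Bandit, it parses a source file into an AST and runs checks over the nodes (here, the shell=True pattern that the ShellInjection tests look for); like PYT, it follows tainted data from a source through simple assignments to a shell sink and raises the severity when the two connect. The source names (Flask’s request.args.get and request.form.get), the sink list, and the sample program are assumptions constructed for the example.

```python
"""Minimal static checker in the spirit of PyT and Bandit.

Added example, not code from either project. Like Bandit, it builds an AST
from a source file and runs checks over the nodes; like PyT, it follows
'tainted' data from a source (here, Flask's request.args.get, an assumption)
through simple assignments to a shell sink. Source and sink names and the
sample code below are constructed for this example.
"""
import ast

TAINT_SOURCES = {"request.args.get", "request.form.get"}   # assumed Flask inputs
SUBPROCESS_SINKS = {"subprocess.call", "subprocess.run", "subprocess.Popen",
                    "subprocess.check_call", "subprocess.check_output"}


def dotted_name(node):
    """Return 'pkg.attr.attr' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def has_shell_true(call):
    """Bandit-style pattern: the call passes the literal keyword shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)


def tainted_variables(tree):
    """PyT-style taint: names assigned from a source, or from any expression
    that mentions an already tainted name, iterated to a fixed point."""
    tainted = set()
    changed = True
    while changed:
        changed = False
        for node in ast.walk(tree):
            if not (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)):
                continue
            value = node.value
            from_source = isinstance(value, ast.Call) and dotted_name(value.func) in TAINT_SOURCES
            uses_taint = any(isinstance(n, ast.Name) and n.id in tainted for n in ast.walk(value))
            target = node.targets[0].id
            if (from_source or uses_taint) and target not in tainted:
                tainted.add(target)
                changed = True
    return tainted


def scan(source):
    """Return findings sorted by line: shell sinks, with HIGH severity when
    tainted data reaches them and MEDIUM when only the shell=True pattern matches."""
    tree = ast.parse(source)
    tainted = tainted_variables(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name == "os.system" or (name in SUBPROCESS_SINKS and has_shell_true(node)):
            args = node.args + [kw.value for kw in node.keywords]
            reached = sorted({n.id for a in args for n in ast.walk(a)
                              if isinstance(n, ast.Name) and n.id in tainted})
            findings.append({"line": node.lineno, "sink": name,
                             "severity": "HIGH" if reached else "MEDIUM",
                             "tainted": reached})
    return sorted(findings, key=lambda f: f["line"])


# Constructed sample: one real injection, one shell=True with a constant,
# and the hardened form (argv list, no shell) that must not be reported.
SAMPLE_SOURCE = '''
import os, subprocess
from flask import request

def ping_unsafe():
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    return subprocess.check_output(cmd, shell=True)

def list_tmp():
    return subprocess.call("ls /tmp", shell=True)

def ping_safe():
    host = request.args.get("host")
    return subprocess.run(["ping", "-c", "1", host], check=False)
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['sink']} [{f['severity']}] tainted={f['tainted']}")
```

Running it reports line 8 as HIGH (the request parameter reaches a shell through `cmd`) and line 11 as MEDIUM (shell=True, but with a constant command), while the hardened `ping_safe`, which passes an argument list and never starts a shell, is not reported at all. That difference between a pattern hit and a confirmed data flow is exactly why a taint tool like PYT produces fewer false positives than a pure pattern scan, at the cost of more analysis work.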
3. Pyntch
Pyntch supports Python 2.x only. It is a static code analyzer that detects possible run-time errors, such as exceptions a code path could raise, before the code is executed.
It will not find vulnerabilities in your code, but it is useful for identifying unhandled exceptions.
It is a fast tool, capable of scanning thousands of lines of code per minute.
4. Spaghetti
A handy open source, Python-based web application scanner that detects misconfigurations and unsafe files, and fingerprints web frameworks such as CherryPy and CakePHP.
Spaghetti checks for a variety of issues, including the following:
- Brute-force attacks
- Credit card, email, and IP address disclosure
- HTML / SQL / LDAP / XPath / XSS injection
- ShellShock, CRIME, Struts-Shock
- Anonymous ciphers
5. RATS (Rough Auditing Tools for Security)
RATS analyzes C, C++, Perl, PHP, and Python code and flags common security errors, including:
- Time-of-check/time-of-use (TOCTOU) race conditions
- Buffer overflows
6. Acunetix
Acunetix checks your site for over 5,000 different vulnerabilities and provides a detailed report with remediation recommendations. It is a comprehensive vulnerability scanning platform for testing web applications.
If you run a Python web application, it complements the static tools above with a dynamic scan of the deployed site, which can catch issues that only appear at run time.
7. Requires.io
Requires.io monitors your Python dependencies and notifies you when it detects outdated, deprecated, or vulnerable packages.
You can customize how you receive notifications: status badges, email, or GitHub pull requests.
8. Safety
Safety is a Python dependency checker that scans a local virtual environment, a requirements file, or input on stdin for packages with known security vulnerabilities.
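Both Requires.io and Safety do the same core job: take the versions you depend on, look each one up in a vulnerability database, and report the pins that fall inside an affected range. The following checker, written for this article and not code from either tool, shows that matching logic over a requirements file. The advisory table, the package names, and the EXAMPLE-000x advisory IDs are constructed placeholders, and versions are compared as zero-padded numeric tuples, a simplification of PEP 440 that is enough for plain X.Y.Z pins.

```python
"""Dependency checker in the spirit of Safety and Requires.io.

Added example, not code from either tool. It parses the pinned 'name==version'
lines of a requirements file, looks each package up in an advisory table, and
reports pins whose version falls inside an affected range. The advisory table,
package names and advisory IDs are constructed placeholders for this example;
the real tools pull them from a maintained vulnerability database. Versions are
compared as padded numeric tuples, a simplification of PEP 440 that is enough
for plain 'X.Y.Z' pins.
"""
import re

# Constructed advisory table: package -> [(advisory id, affected version spec)].
ADVISORIES = {
    "examplelib": [("EXAMPLE-0001", "<1.4.2"),
                   ("EXAMPLE-0002", ">=2.0.0,<2.1.1")],
    "otherpkg": [("EXAMPLE-0003", "<=0.9.9")],
}

OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
       "<": lambda a, b: a < b, ">": lambda a, b: a > b}
CLAUSE_RE = re.compile(r"^\s*(==|!=|<=|>=|<|>)\s*([\w.]+)\s*$")
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([\w.]+)")


def parse_version(text):
    """'1.10.2' -> (1, 10, 2, 0): numeric parts, zero-padded so 1.0 == 1.0.0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.strip().split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts)


def matches_spec(version, spec):
    """True if version satisfies every comma-separated clause of spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = CLAUSE_RE.match(clause)
        if not m:
            raise ValueError(f"unsupported specifier: {clause!r}")
        op, bound = m.groups()
        if not OPS[op](v, parse_version(bound)):
            return False
    return True


def parse_requirements(text):
    """Return [(normalized name, version)] for exact pins; comments, blank
    lines and unpinned requirements are skipped."""
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = PIN_RE.match(line) if line else None
        if m:
            pins.append((m.group(1).lower().replace("_", "-"), m.group(2)))
    return pins


def check(requirements_text, advisories=ADVISORIES):
    """Return [(name, version, advisory id)] for every affected pin."""
    findings = []
    for name, version in parse_requirements(requirements_text):
        for advisory_id, spec in advisories.get(name, []):
            if matches_spec(version, spec):
                findings.append((name, version, advisory_id))
    return findings


# Constructed requirements file for the example.
SAMPLE_REQUIREMENTS = """\
# pins for a hypothetical service
examplelib==2.0.5     # inside EXAMPLE-0002's affected range
otherpkg==0.9.9       # on the boundary of EXAMPLE-0003 (<=0.9.9)
safepkg==3.1.4        # no advisories
requests>=2.0         # unpinned: a real tool resolves it to an installed version first
"""

if __name__ == "__main__":
    for name, version, advisory_id in check(SAMPLE_REQUIREMENTS):
        print(f"{name}=={version} is affected by {advisory_id}")
```

Two details matter in practice and are mirrored here: package names are normalized (lower-cased, underscores to hyphens) before the lookup, because `Example_Lib` and `example-lib` are the same distribution, and an unpinned requirement is skipped rather than guessed, since only the version actually installed in the environment can be checked. Safety’s option to scan the virtual environment instead of the file avoids that second gap entirely.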
Conclusion
I hope the tools listed above help you find security risks in your Python application.