View Code? Open in Web Editor NEW

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

License: GNU General Public License v2.0

Makefile 0.01% Python 99.99%

pyt's Introduction

Python Taint

Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis)

Features

Detect Command injection
Detect SQL injection
Detect XSS
Detect directory traversal
Get a control flow graph
Get a def-use and/or a use-def chain
Search GitHub and analyse hits with PyT
A lot of customisation possible

For a look at recent changes, please see the changelog.

Example usage and output:

Install

pip install python-taint

PyT can also be installed from source. To do so, clone the repo, and then run:

python3 setup.py install

Usage from Source

Using it like a user python3 -m pyt -f example/vulnerable_code/XSS_call.py save -du

Running the tests python3 -m tests

Running an individual test file python3 -m unittest tests.import_test

Running an individual test python3 -m unittest tests.import_test.ImportTest.test_import

Contributions

Join our slack group: https://pyt-dev.slack.com/ - ask for invite: [email protected]

Guidelines

Virtual env setup guide

Create a directory to hold the virtual env and project

mkdir ~/a_folder

cd ~/a_folder

Clone the project into the directory

git clone https://github.com/python-security/pyt.git

Create the virtual environment

python3 -m venv ~/a_folder/

Check that you have the right versions

python3 --version sample output Python 3.6.0

pip --version sample output pip 9.0.1 from /Users/kevinhock/a_folder/lib/python3.6/site-packages (python 3.6)

Change to project directory

cd pyt

Install dependencies

pip install -r requirements.txt

pip list sample output :

gitdb (0.6.4)
GitPython (2.0.8)
graphviz (0.4.10)
pip (9.0.1)
requests (2.10.0)
setuptools (28.8.0)
smmap (0.9.0)

In the future, just type source ~/a_folder/bin/activate to start developing.

How It Works

Soon you will find a README.rst in every directory in the pyt folder, start here.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.

souravbadami / pyt Goto Github PK