{"id":13538306,"url":"https://github.com/bit4woo/python_sec","last_synced_at":"2025-05-16T14:08:37.736Z","repository":{"id":41168904,"uuid":"106677894","full_name":"bit4woo/python_sec","owner":"bit4woo","description":"python安全和代码审计相关资料收集 resource collection of python security and code review","archived":false,"fork":false,"pushed_at":"2020-08-06T02:31:28.000Z","size":2754,"stargazers_count":1325,"open_issues_count":1,"forks_count":327,"subscribers_count":41,"default_branch":"master","last_synced_at":"2025-04-12T12:53:50.251Z","etag":null,"topics":["code-review","dangerous-python-functions","django","python","python-django","python-security","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bit4woo.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-12T10:20:00.000Z","updated_at":"2025-04-07T00:52:12.000Z","dependencies_parsed_at":"2022-07-16T18:16:59.350Z","dependency_job_id":null,"html_url":"https://github.com/bit4woo/python_sec","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2Fpython_sec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2Fpython_sec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2Fpython_sec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2Fpython_sec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bit4woo","download_url":"https://codeload.github.com/bit4woo/python_sec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254544146,"owners_count":22088807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-review","dangerous-python-functions","django","python","python-django","python-security","security"],"created_at":"2024-08-01T09:01:09.555Z","updated_at":"2025-05-16T14:08:37.707Z","avatar_url":"https://github.com/bit4woo.png","language":null,"readme":"### Code injection, command execution\n\n\t1. Dangerous built-in functions\n\texec\n\texecfile\n\teval\n\t\n\t2. Dangerous standard-library modules\n\tos\n\tsubprocess\n\tcommands\n\t\n\t3. Dangerous third-party libraries\n\tTemplate(user_input) : code execution arising from template injection (SSTI)\n\tsubprocess32\n\t\n\t4. Deserialization\n\tmarshal\n\tPyYAML\n\tpickle and cPickle\n\tshelve\n\tPIL\n\tunzip\n\n\n[N ways to escape a Python sandbox](https://xz.aliyun.com/t/52)\n\n[Bypassing a Python sandbox when import is disabled](https://www.anquanke.com/post/id/107000)\n\n[Escaping the Python Sandbox](https://zolmeister.com/2013/05/escaping-python-sandbox.html)\n\n[Python Sandbox Bypass](https://mp.weixin.qq.com/s?__biz=MzIzOTQ5NjUzOQ==\u0026mid=2247483665\u0026idx=1\u0026sn=4b18de09738fdc5291634db1ca2dd55a)\n\n[Python data serialization (json, pickle, shelve)](http://www.cnblogs.com/yyds/p/6563608.html)\n\n[Exploiting Python PIL Module Command Execution Vulnerability](https://xz.aliyun.com/t/44)\n\n[Exploiting Python Code Injection in Web Applications](https://www.doyler.net/security-not-included/exploiting-python-code-injection)\n\n[EXPLOITING PYTHON CODE INJECTION IN WEB APPLICATIONS](http://www.securitynewspaper.com/2016/11/12/exploiting-python-code-injection-web-applications/)\n\n[Common insecure wrappers around Python eval and the principle behind exploiting them](http://xxlegend.com/2015/07/31/Python%20eval%E7%9A%84%E5%B8%B8%E8%A7%81%E9%94%99%E8%AF%AF%E5%B0%81%E8%A3%85%E5%8F%8A%E5%88%A9%E7%94%A8%E5%8E%9F%E7%90%86/)\n\n[Exploiting Python’s Eval](http://www.floyd.ch/?p=584)\n\n[Exploiting insecure file extraction in Python for code execution](https://ajinabraham.com/blog/exploiting-insecure-file-extraction-in-python-for-code-execution)\n\n[Python vulnerability hunting on a Zhangyue iReader site](https://www.leavesongs.com/PENETRATION/zhangyue-python-web-code-execute.html)\n\n[Python pickle arbitrary code execution vulnerability: hands-on practice and payload construction](http://code2sec.com/python-picklede-ren-yi-dai-ma-zhi-xing-lou-dong-shi-jian-he-payloadgou-zao.html)\n\n[Command execution from a leaked Django secret key: hands-on practice](http://code2sec.com/djangode-secret-keyxie-lou-dao-zhi-de-ming-ling-zhi-xing-shi-jian.html)\n\n[Remote Code Execution on a Facebook server](https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/)\n\n[Python PyYAML deserialization vulnerability: experiment and payload construction](http://www.code2sec.com/2017/09/22/python-pyyaml%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%AE%9E%E9%AA%8C%E5%92%8Cpayload%E6%9E%84%E9%80%A0/)\n\n[Exploiting Python Deserialization Vulnerabilities](https://crowdshield.com/blog.php?name=exploiting-python-deserialization-vulnerabilities)\n\n[Shellcoding in Python’s serialisation format](https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_WP.pdf)\n\n[PyCodeInjection code injection lab environment](https://github.com/sethsec/PyCodeInjection)\n\n[Exploiting Python Code Injection in Web Applications](https://sethsec.blogspot.com/2016/11/exploiting-python-code-injection-in-web.html)  ([Chinese translation](https://www.anquanke.com/post/id/84891))\n\n[Brief analysis of Numpy deserialization command execution (CVE-2019-6446)](https://www.freebuf.com/vuls/194540.html)\n\n\n\n### Code audit\n\n[Python secure coding and code audit](http://xxlegend.com/2015/07/30/Python%E5%AE%89%E5%85%A8%E7%BC%96%E7%A0%81%E5%92%8C%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/)\n\n[Python code audit series, part 1: CSRF](https://xz.aliyun.com/t/391) also at \u003chttps://www.cdxy.me/?p=736\u003e\n\n[Python code audit series, part 2: SSTI](https://xz.aliyun.com/t/390) also at \u003chttps://www.cdxy.me/?p=738\u003e\n\n[Python code audit series, part 3: Server Side Request](https://xz.aliyun.com/t/389) also at \u003chttps://www.cdxy.me/?p=744\u003e\n\n[Python code audit series, part 4: Command Execution](https://xz.aliyun.com/t/388) also at \u003chttps://www.cdxy.me/?p=747\u003e\n\n[Dangerous Python Functions, Part 1](https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html)\n\n[Dangerous Python Functions, Part 2](https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html)\n\n[Dangerous Python Functions, Part 3](https://www.kevinlondon.com/2017/01/30/dangerous-python-functions-pt3.html)\n\n[Notes on what to watch for when auditing Python web code](http://blog.neargle.com/2016/07/25/log-of-simple-code-review-about-python-base-webapp/)\n\n[Liao Xinxi's Python code audit tool](https://github.com/shengqi158/pyvulhunter)\n\n[Python static code audit tool from the OpenStack security team](https://github.com/openstack/bandit)\n\n[Python static code audit tool from the OpenStack security team, 2](https://github.com/openstack/syntribos)\n\n[Code audit tool pyt](https://github.com/python-security/pyt)\n\n[xfkxfk's automated Python code audit](https://mp.weixin.qq.com/s?__biz=MzUxOTYzMzU0NQ==\u0026mid=2247483887\u0026idx=1\u0026sn=99ab12309de75381e37c058d53def1b6\u0026chksm=f9f7ee09ce80671fc5887a9c25350fc610559cc1e095f9b689473873889581e4c5fbb0dec2cd\u0026mpshare=1\u0026) based on [pyekaboo](https://github.com/SafeBreach-Labs/pyekaboo) and Liao Xinxi's [pyvulhunter](https://github.com/shengqi158/pyvulhunter)\n\n\n\n### Django related\n\n[Analysis of the Django debug page XSS vulnerability (CVE-2017-12794)](https://www.leavesongs.com/PENETRATION/django-debug-page-xss.html)\n\n[Django DeleteView without confirmation template, but with CSRF attack](https://www.leavesongs.com/PYTHON/django-deleteView-without-confirmation-template.html)\n\n[Django security mechanisms](http://xxlegend.com/2015/04/01/Django%E5%AE%89%E5%85%A8%E6%9C%BA%E5%88%B6/)\n\n[From Django's SECRET_KEY to code execution](http://xxlegend.com/2015/04/01/%E4%BB%8EDjango%E7%9A%84SECTET_KEY%E5%88%B0%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/)\n\n[Django CSRF Bypass (CVE-2016-7401) vulnerability analysis](https://paper.seebug.org/58/)\n\n[Django CSRF bypass vulnerability analysis (CVE-2016-7401)](http://blog.knownsec.com/2016/10/django-csrf-bypass_cve-2016-7401/)\n\n[Analysis of two Django URL redirect vulnerabilities: CVE-2017-7233\u00267234](https://paper.seebug.org/274/)\n\n[Python format string vulnerability (Django as the example)](https://www.leavesongs.com/PENETRATION/python-string-format-vulnerability.html) also at https://xz.aliyun.com/t/288\n\n[Django security best practices](http://www.atjiang.com/2scoopsdjango1.8-26-security-best-practices/)\n\n[Django secure coding lessons from the birth of Pwnhub](https://www.leavesongs.com/PYTHON/django-coding-experience-from-pwnhub.html)\n\n[Directory traversal vulnerabilities in Python and Django (arbitrary file read)](http://www.lijiejie.com/python-django-directory-traversal/)\n\n[Research on a new kind of arbitrary file read vulnerability](https://www.leavesongs.com/PENETRATION/arbitrary-files-read-via-static-requests.html)\n\n[Answers to some Django security questions](https://www.kevinlondon.com/2015/10/16/answers-to-django-security-questions.html)\n\n[Django JSONField SQL injection vulnerability (CVE-2019-14234): analysis and impact](https://www.leavesongs.com/PENETRATION/django-jsonfield-cve-2019-14234.html)\n\n\n\n### Package phishing\n\n[Package phishing](https://paper.seebug.org/311/)\n\n[An overlooked attack surface: Python package phishing](https://paper.seebug.org/326/)\n\nhttps://www.pytosquatting.org/\n\n[The official PyPI repository poisoned with a malicious 'request' package](https://mp.weixin.qq.com/s/dkPdXfGfSK097GI6Ln92lA)\n\n\n\n### LDAP injection\n\n[Python secure coding: preventing LDAP injection](http://xxlegend.com/2016/12/01/Python%E5%AE%89%E5%85%A8%E7%BC%96%E7%A0%81%E4%B9%8B%E9%A2%84%E9%98%B2LDAP%E6%B3%A8%E5%85%A5/)\n\n\n\n### SSRF\n\n[On how to keep SSRF vulnerabilities out of Python development](https://www.leavesongs.com/PYTHON/defend-ssrf-vulnerable-in-python.html)\n\n[Python security - the SSRF to command execution disaster](https://www.leavesongs.com/PENETRATION/getshell-via-ssrf-and-redis.html)\n\n[From Splash SSRF to ROOT privileges on an intranet server](https://xz.aliyun.com/t/118)\n\n\n\n### XSS\n\n[Analysis of a universal XSS vulnerability on the Flask debugger page and a record of how it was found](http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/)\n\n\n\n### SQLI\n\n[Security issues you may meet in Python web development: SQL injection](http://blog.neargle.com/2016/07/22/pythonweb-framework-dev-vulnerable/)\n\n[Django JSONField SQL injection vulnerability (CVE-2019-14234): analysis and impact](https://www.leavesongs.com/PENETRATION/django-jsonfield-cve-2019-14234.html)\n\n\n\n### SSTI template injection\n\n[Python Security Auditing (II): SSTI](https://www.cdxy.me/?p=738)\n\n[exploring-ssti-in-flask-jinja2](https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2/)\n\n[exploring-ssti-in-flask-jinja2-part-ii](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)\n\n\n\n### python webshell\n\nhttps://github.com/evilcos/python-webshell\n\nhttps://github.com/ahhh/Reverse_DNS_Shell\n\n\n\n### paper\n\nPython_Hack_知道创宇_北北(孙博).pdf\n\n\n\n### Others\n\n[How to tell whether a target site is built with Django](https://www.leavesongs.com/PENETRATION/detect-django.html)\n\n[Supervisord remote command execution vulnerability (CVE-2017-11610)](https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html)\n\n[Python rich-text XSS filter](https://www.leavesongs.com/PYTHON/python-xss-filter.html)\n\n[Building an attack/defense competition environment on Mezzanine and constructing an XXE vulnerability](http://xxlegend.com/2016/04/01/%E5%9F%BA%E4%BA%8Emezzanine%E7%9A%84%E6%94%BB%E9%98%B2%E6%AF%94%E8%B5%9B%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA%E5%8F%8AXXE%E6%BC%8F%E6%B4%9E%E6%9E%84%E9%80%A0/)\n\n[Some bypass ideas for Python WAF blacklist filtering](http://www.0aa.me/index.php/archives/123/)\n\n[Pwnhub web challenge Classroom: writeup and analysis](https://www.leavesongs.com/PENETRATION/pwnhub-web-classroom-django-sql-injection.html)\n\n[Programming Secure Web Applications in Python](https://www.thoughtco.com/programming-secure-web-applications-2813531)\n\n[[CVE-2016-5699] HTTP Header Injection in Python urllib](http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html) also at http://www.anquan.us/static/drops/papers-16905.html\n\n[[CVE-2019-9740] Python urllib CRLF injection vulnerability](https://bugs.python.org/issue36276)  also at https://xz.aliyun.com/t/5123\n\n[Hack Redis via Python urllib HTTP Header Injection](https://security.tencent.com/index.php/blog/msg/106)\n\n[[Tech share] Python web security summary](http://bobao.360.cn/learning/detail/4522.html)\n\n\n\n### Security tools\n\n[Python bind-shell backdoor](https://www.leavesongs.com/PYTHON/python-shell-backdoor.html)\n\n[struts2 S2-016/S2-017 Python GetShell](https://www.leavesongs.com/PENETRATION/UseOfStruts.html)\n\n[Multithreaded Python port scanner](https://www.leavesongs.com/PYTHON/PortScanner.html)\n\n[Python JSON Fuzzer: PyJFuzz](https://n0where.net/python-json-fuzzer-pyjfuzz/)\n\nhttps://github.com/smartFlash/pySecurity\n\n\n\n### Object injection, low-level security\n\n[DEFENCELY CLARIFIES PYTHON OBJECT INJECTION EXPLOITATION](https://defencely.com/blog/defencely-clarifies-python-object-injection-exploitation/)\n\n[OWASP Python Security Project](https://github.com/ebranca/owasp-pysec)\n\n[Escaping a Python sandbox with a memory corruption bug](https://hackernoon.com/python-sandbox-escape-via-a-memory-corruption-bug-19dde4d5fea5)","funding_links":[],"categories":["\u003ca id=\"a4ee2f4d4a944b54b2246c72c037cd2e\"\u003e\u003c/a\u003e收集\u0026\u0026集合","\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","Others","相关资料","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Others (1002)"],"sub_categories":["\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","\u003ca id=\"f110da0bf67359d3abc62b27d717e55e\"\u003e\u003c/a\u003e新添加的","Flask"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbit4woo%2Fpython_sec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbit4woo%2Fpython_sec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbit4woo%2Fpython_sec/lists"}