{"id":21947692,"url":"https://github.com/valpackett/pysectools","last_synced_at":"2025-04-22T23:43:53.103Z","repository":{"id":10754405,"uuid":"13015148","full_name":"valpackett/pysectools","owner":"valpackett","description":"A small Python library that contains various security things","archived":false,"fork":false,"pushed_at":"2020-07-13T21:24:47.000Z","size":26,"stargazers_count":17,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-12T08:20:15.829Z","etag":null,"topics":["python","security","unix"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/valpackett.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-09-22T14:53:48.000Z","updated_at":"2024-01-03T14:10:50.000Z","dependencies_parsed_at":"2022-08-30T06:10:35.890Z","dependency_job_id":null,"html_url":"https://github.com/valpackett/pysectools","commit_stats":null,"previous_names":["unrelentingtech/pysectools","myfreeweb/pysectools"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valpackett%2Fpysectools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valpackett%2Fpysectools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valpackett%2Fpysectools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valpackett%2Fpysectools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/valpackett","download_url":"https://codeload.github.com/valpackett/pysectools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250343755,"owners_count":21415035,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["python","security","unix"],"created_at":"2024-11-29T05:09:18.694Z","updated_at":"2025-04-22T23:43:53.086Z","avatar_url":"https://github.com/valpackett.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![on PyPI](https://img.shields.io/pypi/v/pysectools.svg?style=flat)](https://pypi.python.org/pypi/pysectools)\n[![Unlicense](https://img.shields.io/badge/un-license-green.svg?style=flat)](http://unlicense.org)\n\n# pysectools\n\nA small Python library that contains various security things.\n\n## Usage\n\n```python\nimport pysectools\n```\n\nPrevent secrets from leaking out of your process's memory:\n\n```python\npysectools.disallow_swap()\npysectools.disallow_core_dumps()\n```\n\nDrop privileges:\n\n```python\npysectools.drop_privileges('username', 'groupname')\n```\n\nSecurely erase a secret from memory (only on CPython):\n\n```python\npassword = 'correct horse battery staple'\npysectools.zero(password)\n# password == '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n# \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nEnter a [Capsicum](http://www.cl.cam.ac.uk/research/security/capsicum/) sandbox (works out of the box on FreeBSD 10.0 and newer):\n\n```python\nb = open('before.txt', 'w')\npysectools.cap_enter()\nb.write('hello from the sandbox!') # ok\nopen('after.txt', 'w').write('new file!') # IOError: [Errno 94] Not permitted in capability mode: 'after.txt'\n```\n\nGet a password safely using pinentry (usually comes with [GnuPG](https://www.gnupg.org/)) or [getpass](https://docs.python.org/2/library/getpass.html) if there's no pinentry:\n\n```python\nfrom pysectools.pinentry import Pinentry\npinentry = Pinentry(pinentry_path=\"/usr/local/bin/pinentry\",\n                    fallback_to_getpass=True)\n# all parameters are optional\npass = pinentry.ask(prompt=\"Enter your passphrase: \",\n                    description=\"Launching the nuclear rocket\",\n                    validator=lambda x: x.startswith(\"correct horse\"))\npinentry.close()\nrocket.authorize(pass)\npysectools.zero(pass)\nrocket.launch()\n```\n\nGenerate a cryptographically secure pseudorandom byte string (tries `/dev/urandom`/`CryptGenRandom` then libcrypto ([LibreSSL](http://www.libressl.org)) arc4random then libc arc4random):\n\n```python\npysectools.goodrandom(32) # size in bytes\n# check the return value! it's False if there's something wrong\n```\n\n## Resources\n\n- [Secure programming in Python](http://sourceforge.net/apps/trac/flexpw/wiki/PySecure) -- this library implements things described there\n- [Secure Programming for Linux and Unix HOWTO](http://www.dwheeler.com/secure-class/Secure-Programs-HOWTO/index.html) -- the classic book\n- [PyNaCl](https://github.com/pyca/pynacl) -- all the crypto you need\n- [py-scrypt](https://bitbucket.org/mhallin/py-scrypt/src) -- derive crypto keys from passwords\n- [passlib](http://pythonhosted.org/passlib/) -- general password hashing library\n- [pyotp](https://github.com/nathforge/pyotp) -- two-factor auth is easy\n- OWASP [Cheat Sheets](https://www.owasp.org/index.php/Cheat_Sheets) and [the Top Ten](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)\n- [SSL/TLS Deployment Best Practices](https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf)\n\n## License\n\nThis is free and unencumbered software released into the public domain.  \nFor more information, please refer to the `UNLICENSE` file or [unlicense.org](https://unlicense.org).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvalpackett%2Fpysectools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvalpackett%2Fpysectools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvalpackett%2Fpysectools/lists"}