Awesome CISO

Awesome material we picked out of Github.

Awesome Cheetsheets

Awesome Github lists

  • Awesome Pentest - A collection of awesome penetration testing resources, tools and other shiny things.
  • Awesome Appsec -A curated list of resources for learning about application security.
  • Awesome Malware Analysis - A curated list of awesome malware analysis tools and resources.
  • Android Security Awesome -A collection of android security related resources.
  • Awesome CTF -A curated list of CTF frameworks, libraries, resources and softwares.
  • Awesome Security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
  • Awesome Honeypots -A curated list of awesome honeypots, tools, components and much more.
  • Awesome Incident Response -A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.
  • Awesome Threat Intelligence -A curated list of awesome Threat Intelligence resources.
  • Awesome PCAP Tools -A collection of tools developed by other researchers in the Computer Science area to process network traces.
  • Awesome Forensics -A curated list of awesome forensic analysis tools and resources.
  • Awesome Hacking - A curated list of awesome Hacking tutorials, tools and resources.
  • Awesome Industrial Control System Security -A curated list of resources related to Industrial Control System (ICS) security.
  • Awesome Web Hacking -This list is for anyone wishing to learn about web application security but do not have a starting point.
  • Awesome Sec Talks -A curated list of awesome Security talks.
  • Awesome YARA -A curated list of awesome YARA rules, tools, and people.
  • Sec Lists -SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

Awesome Python Projects you need to see


Libraries for implementing authentications schemes.

  • OAuth
    • authlib - JavaScript Object Signing and Encryption draft implementation.
    • django-allauth - Authentication app for Django that "just works."
    • django-oauth-toolkit - OAuth 2 goodies for Django.
    • oauthlib - A generic and thorough implementation of the OAuth request-signing logic.
    • python-oauth2 - A fully tested, abstract interface to creating OAuth clients and servers.
    • python-social-auth - An easy-to-setup social authentication mechanism.
  • JWT
    • pyjwt - JSON Web Token implementation in Python.
    • python-jose - A JOSE implementation in Python.
    • python-jwt - A module for generating and verifying JSON Web Tokens.


Libraries for caching data.

  • beaker - A WSGI middleware for sessions and caching.
  • django-cache-machine - Automatic caching and invalidation for Django models.
  • django-cacheops - A slick ORM cache with automatic granular event-driven invalidation.
  • dogpile.cache - dogpile.cache is next generation replacement for Beaker made by same authors.
  • HermesCache - Python caching library with tag-based invalidation and dogpile effect prevention.
  • pylibmc - A Python wrapper around the libmemcached interface.
  • python-diskcache - SQLite and file backed cache backend with faster lookups than memcached and redis.

ChatOps Tools

Libraries for chatbot development.

  • errbot - The easiest and most popular chatbot to implement ChatOps.

Command-line Tools

Useful CLI-based tools for productivity.

  • Productivity Tools
    • cookiecutter - A command-line utility that creates projects from cookiecutters (project templates).
    • doitlive - A tool for live presentations in the terminal.
    • howdoi - Instant coding answers via the command line.
    • PathPicker - Select files out of bash output.
    • percol - Adds flavor of interactive selection to the traditional pipe concept on UNIX.
    • thefuck - Correcting your previous console command.
    • tmuxp - A tmux session manager.
    • try - A dead simple CLI to try out python packages - it's never been easier.
  • CLI Enhancements
    • httpie - A command line HTTP client, a user-friendly cURL replacement.
    • kube-shell - An integrated shell for working with the Kubernetes CLI.
    • mycli - A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.
    • pgcli - Postgres CLI with autocompletion and syntax highlighting.
    • saws - A Supercharged aws-cli.


  • cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
  • paramiko - The leading native Python SSHv2 protocol library.
  • passlib - Secure password storage/hashing library, very high level.
  • pynacl - Python binding to the Networking and Cryptography (NaCl) library.

DevOps Tools

Software and libraries for DevOps.

  • ansible - A radically simple IT automation platform.
  • cloudinit - A multi-distribution package that handles early initialization of a cloud instance.
  • cuisine - Chef-like functionality for Fabric.
  • docker-compose - Fast, isolated development environments using Docker.
  • fabric - A simple, Pythonic tool for remote execution and deployment.
  • fabtools - Tools for writing awesome Fabric files.
  • honcho - A Python clone of Foreman, for managing Procfile-based applications.
  • OpenStack - Open source software for building private and public clouds.
  • pexpect - Controlling interactive programs in a pseudo-terminal like GNU expect.
  • psutil - A cross-platform process and system utilities module.
  • saltstack - Infrastructure automation and management system.
  • supervisor - Supervisor process control system for UNIX.


Libraries for downloading.

  • s3cmd - A command line tool for managing Amazon S3 and CloudFront.
  • s4cmd - Super S3 command line tool, good for higher performance.
  • you-get - A YouTube/Youku/Niconico video downloader written in Python 3.
  • youtube-dl - A small command-line program to download videos from YouTube.

Text Processing

Libraries for parsing and manipulating plain texts.

  • General
    • chardet - Python 2/3 compatible character encoding detector.
    • difflib - (Python standard library) Helpers for computing deltas.
    • ftfy - Makes Unicode text less broken and more consistent automagically.
    • fuzzywuzzy - Fuzzy String Matching.
    • Levenshtein - Fast computation of Levenshtein distance and string similarity.
    • - Paranoid text spacing.
    • pyfiglet - An implementation of figlet written in Python.
    • pypinyin - Convert Chinese hanzi (漢字) to pinyin (拼音).
    • textdistance - Compute distance between sequences with 30+ algorithms.
    • unidecode - ASCII transliterations of Unicode text.
  • Slugify
    • awesome-slugify - A Python slugify library that can preserve unicode.
    • python-slugify - A Python slugify library that translates unicode to ASCII.
    • unicode-slugify - A slugifier that generates unicode slugs with Django as a dependency.
  • Unique identifiers
    • hashids - Implementation of hashids in Python.
    • shortuuid - A generator library for concise, unambiguous and URL-safe UUIDs.
  • Parser
    • ply - Implementation of lex and yacc parsing tools for Python.
    • pygments - A generic syntax highlighter.
    • pyparsing - A general purpose framework for generating parsers.
    • python-nameparser - Parsing human names into their individual components.
    • python-phonenumbers - Parsing, formatting, storing and validating international phone numbers.
    • python-user-agents - Browser user agent parser.
    • sqlparse - A non-validating SQL parser.

Third-party APIs

Libraries for accessing third party services APIs. Also see List of Python API Wrappers and Libraries.

URL Manipulation

Libraries for parsing URLs.

  • furl - A small Python library that makes parsing and manipulating URLs easy.
  • purl - A simple, immutable URL class with a clean API for interrogation and manipulation.
  • pyshorteners - A pure Python URL shortening lib.
  • webargs - A friendly library for parsing HTTP request arguments with built-in support for popular web frameworks.

Web Content Extracting

Libraries for extracting web contents.

  • html2text - Convert HTML to Markdown-formatted text.
  • lassie - Web Content Retrieval for Humans.
  • micawber - A small library for extracting rich content from URLs.
  • newspaper - News extraction, article extraction and content curation in Python.
  • python-readability - Fast Python port of arc90's readability tool.
  • requests-html - Pythonic HTML Parsing for Humans.
  • sumy - A module for automatic summarization of text documents and HTML pages.
  • textract - Extract text from any document, Word, PowerPoint, PDFs, etc.
  • toapi - Every web site provides APIs.

Web Crawling

Libraries to automate web scraping.

  • cola - A distributed crawling framework.
  • feedparser - Universal feed parser.
  • grab - Site scraping framework.
  • MechanicalSoup - A Python library for automating interaction with websites.
  • pyspider - A powerful spider system.
  • robobrowser - A simple, Pythonic library for browsing the web without a standalone web browser.
  • scrapy - A fast high-level screen scraping and web crawling framework.
  • portia - Visual scraping for Scrapy.
GDPR CCPA Compliance Management