PYSPECTOR
Next-Gen Security Scanner

[Architecture diagram: PYTHON CLI HANDLER -> AST GEN <-> RUST CORE <-> TAINT FLOW ANALYSIS <-> RESULTS REPORT -> JSON / HTML / SARIF output]
PySpector is a static analysis security testing framework for Python, combining a Rust-powered analysis core with AST parsing, inter-procedural taint tracking, and first-class AI and LLM security rules.
Designed for security engineers and developers who need speed, transparency, and extensibility.
- Parallel execution for large Python repositories.
- Tracks data flows across call graphs.
- Rules for prompt injection and unsafe agents.
- Regex, AST, and semantic checks combined.
- JSON, HTML, and SARIF outputs.
- TOML-based rule definitions.
- Post-processing and custom workflows.
- TUI-based triage and baseline management.
A clean separation between orchestration and analysis keeps PySpector fast and maintainable.
- Orchestration layer (Python): configuration, AST generation, rule loading.
- Analysis core (Rust): parallel analysis engine with taint propagation.
- Reporting: console, JSON, HTML, SARIF, and interactive TUI.
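To make the two ideas above concrete, here is an added example (not PySpector's code) of the smallest useful form of what "tracks data flows across call graphs" means, plus the SARIF output format the reporting layer targets. A toy tracker walks a Python AST, marks the result of a source call as tainted, follows that taint through assignments and into user-defined functions (a parameter is tainted when the caller passes a tainted argument, a call is tainted when the callee returns a tainted expression), and records a finding when tainted data reaches a sink. The source and sink sets, the rule id EX-TAINT-001, the tool name and the sample program are all constructed for this example; the SARIF field names are from the SARIF 2.1.0 specification.

```python
import ast
import json

# Constructed source/sink sets; a real scanner loads these from its rule files.
SOURCES = {"input"}
SINKS = {"os.system", "eval"}
RULE_ID = "EX-TAINT-001"   # hypothetical rule id used in the SARIF output


class TaintTracker:
    """Follows source->sink flows through assignments and user-defined calls."""

    def __init__(self, tree):
        self.funcs = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
        self.findings = []          # (line, sink name, enclosing function)
        self._in_progress = set()   # (func name, tainted params): recursion guard

    def run(self, tree):
        # Module-level code drives the analysis; function bodies are entered on call.
        self._visit_body(tree.body, set(), "<module>")
        return self.findings

    def _visit_body(self, stmts, tainted, scope):
        """Walk statements in order; return True if a tainted value is returned."""
        returns_tainted = False
        for stmt in stmts:
            if isinstance(stmt, ast.Assign):
                if self._tainted(stmt.value, tainted, scope):
                    for t in stmt.targets:
                        if isinstance(t, ast.Name):
                            tainted.add(t.id)
            elif isinstance(stmt, ast.Expr):
                self._tainted(stmt.value, tainted, scope)
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_tainted |= self._tainted(stmt.value, tainted, scope)
            elif isinstance(stmt, (ast.If, ast.For, ast.While, ast.With)):
                # Branches share one taint set: an over-approximation that never misses a flow.
                body = stmt.body + getattr(stmt, "orelse", [])
                returns_tainted |= self._visit_body(body, tainted, scope)
        return returns_tainted

    def _tainted(self, expr, tainted, scope):
        if isinstance(expr, ast.Name):
            return expr.id in tainted
        if isinstance(expr, ast.Call):
            return self._call(expr, tainted, scope)
        if isinstance(expr, ast.BinOp):
            return self._tainted(expr.left, tainted, scope) | self._tainted(expr.right, tainted, scope)
        if isinstance(expr, ast.JoinedStr):   # f-strings
            return any(self._tainted(v.value, tainted, scope)
                       for v in expr.values if isinstance(v, ast.FormattedValue))
        if isinstance(expr, (ast.Attribute, ast.Subscript)):
            return self._tainted(expr.value, tainted, scope)
        return False   # constants and anything else untracked

    def _call(self, call, tainted, scope):
        name = ast.unparse(call.func)          # "input", "os.system", "build", ...
        arg_taint = [self._tainted(a, tainted, scope) for a in call.args]
        if name in SOURCES:
            return True
        if name in SINKS:
            if any(arg_taint):
                self.findings.append((call.lineno, name, scope))
            return False
        if name in self.funcs:                 # inter-procedural step: follow the call edge
            return self._enter(self.funcs[name], arg_taint)
        return any(arg_taint)                  # unknown callee: assume taint passes through

    def _enter(self, fn, arg_taint):
        params = [a.arg for a in fn.args.args]
        tainted_params = {p for p, t in zip(params, arg_taint) if t}
        key = (fn.name, frozenset(tainted_params))
        if key in self._in_progress:           # recursion with the same taint state
            return False
        self._in_progress.add(key)
        try:
            return self._visit_body(fn.body, set(tainted_params), fn.name)
        finally:
            self._in_progress.discard(key)


def to_sarif(findings, uri):
    """Minimal SARIF 2.1.0 log with one result per finding."""
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "toy-taint-example", "rules": [{"id": RULE_ID}]}},
            "results": [{
                "ruleId": RULE_ID,
                "level": "error",
                "message": {"text": f"Untrusted input reaches {sink} in {scope}()"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": uri},
                    "region": {"startLine": line}}}],
            } for line, sink, scope in findings],
        }],
    }


# Constructed sample program: the tainted value crosses two call edges before the sink.
SAMPLE = '''\
import os

def build(cmd, name):
    return cmd + " " + name        # tainted 'name' flows into the return value

def run(line):
    os.system(line)                # sink, reached via build() -> run()

def safe(name):
    os.system("ls " + "fixed")     # no tainted argument here

user = input("name: ")             # source
run(build("echo", user))           # source -> build() -> run() -> os.system
safe(user)
eval("1+1")                        # sink, but only a constant reaches it
'''


def scan(source, uri="example.py"):
    """Return (findings, sarif_log) for a Python source string."""
    tree = ast.parse(source)
    findings = TaintTracker(tree).run(tree)
    return findings, to_sarif(findings, uri)


if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE)[1], indent=2))
```

Running the block prints a SARIF log whose single result points at line 7 of the sample (the os.system call inside run), while the constant-only calls in safe() and eval("1+1") produce nothing. The recursion guard keyed on (function, tainted parameter set) is what keeps the call-graph walk terminating on recursive or mutually recursive functions; a production engine would additionally cache per-function summaries instead of re-analysing a body on every call site.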
# Install from PyPI
pip install pyspector
# Scan a project
pyspector scan ./project
# Enable AI and LLM rules
pyspector scan ./project --ai
# Generate HTML report
pyspector scan ./project -f html -o report.html
# Scan remote repository
pyspector scan --url https://github.com/user/repo.git
# Interactive triage
pyspector triage report.json
Try PySpector's REST API directly from your browser. Scan public repositories with customizable options.
PySpector is an open source security project built by practitioners. Contributions are welcome in rule development, Rust and Python core improvements, documentation, testing, and security research.