Tool
CLI
Vulnerability Management

pipinfo

by HubTou

1 star
0 forks
1 watcher
Updated over 2 years ago
About

pipinfo is an alternative command-line tool for listing Python packages with enhanced features like vulnerability and version checks.

Alternative tool for listing Python packages

Primary Use Case

pipinfo is designed for Python developers and security professionals who need a comprehensive overview of installed Python packages, including their versions, vulnerabilities, and update status. It simplifies package management by combining functionalities of pip list, pip show, and pip-audit, helping users identify outdated or vulnerable packages quickly.

Key Features
  • Lists all Python packages in the PATH or specified directories, including duplicates
  • Differentiates user and system-wide packages with visual cues
  • Checks for the latest package versions using the Python Package Index (PyPI) web service
  • Detects known vulnerabilities in installed packages
  • Provides detailed package and vulnerability information on demand
  • Supports filtering packages by status: outdated, vulnerable, required, user/system, etc.
  • Color-coded output with option to disable colors and progress meter
  • Caching support for web service queries to improve performance

Installation

  • Ensure Python and pip are installed from https://www.python.org/downloads/ and https://pip.pypa.io/en/stable/installation/
  • Install only the pipinfo tool with: pip install pnu-pipinfo
  • Alternatively, install the full PNU toolset with: pip install PNU
  • Or install PNU plus additional third-party tools with: pip install pytnix

Usage

>_ pipinfo

List all Python packages with default display

>_ pipinfo -l | --check-latest

Check and highlight packages that are outdated

>_ pipinfo -v | --check-vulns

Check and highlight packages with known vulnerabilities

>_ pipinfo -i | --info

Print detailed information about package versions and vulnerabilities

>_ pipinfo -I | --issues

List only packages that are outdated or vulnerable

>_ pipinfo -S | --system

Show only system-wide installed packages

>_ pipinfo -U | --user

Show only user-installed packages

>_ pipinfo -O | --outdated

Show only outdated packages

>_ pipinfo -V | --vulnerable

Show only vulnerable packages

>_ pipinfo -c | --no-color

Disable colored output

>_ pipinfo -p | --no-progress

Disable progress meter display

Security Frameworks
Discovery
Defense Evasion
Collection
Reconnaissance
Resource Development
Usage Insights
  • Integrate pipinfo into CI/CD pipelines to automatically detect vulnerable or outdated Python packages before deployment.
  • Use pipinfo reports to prioritize patching and remediation efforts in vulnerability management workflows.
  • Combine pipinfo with automated alerting systems to notify developers and security teams of critical package vulnerabilities in real time.
  • Leverage pipinfo’s detailed package and vulnerability info to enhance software bill of materials (SBOM) accuracy and compliance.
  • Employ pipinfo in purple team exercises to simulate supply chain attacks via vulnerable Python dependencies and test detection capabilities.

Security Profile
Red Team: 30%
Blue Team: 80%
Purple Team: 60%
Details
License: BSD 3-Clause "New" or "Revised" License
Language: Python
Open Issues: 0
Topics
command-line-tool
package-management
package-manager
packagemanager
packages
pip
pip3
pnu-project
python
python3