PyT (Python Taint)

Tool and Usage

Project details

Author: Bruno Thalmann

Background information

  • Detect command injection, SQL injection, and XSS
  • Detect directory traversal
  • Get a control flow graph
  • Get a def-use and/or a use-def chain
  • Search GitHub and analyze hits with PyT
  • Scan intraprocedural or interprocedural
  • Customizations possible

Usage and audience

PyT is commonly used for code analysis. Target users for this tool are developers.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

Author and Maintainers

PyT is under development by Bruno Thalmann.


Installation options

To use PyT, install it via the method below.

pip install

After installation, check the version number of the program and compare it with the one on this page. Be aware of versions that are outdated, as they may contain bugs or even security vulnerabilities.


Several dependencies are required to use PyT.

  • GitPython
  • coverage
  • graphviz
  • requests

PyT alternatives

Similar tools to PyT:



Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.



Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.



Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, while avoiding any false positives.

Related tool information


This tool is categorized as a Python code analysis tool, Python security tool, and static code analyzer.