Top 23 Python Hacking Projects

• PayloadsAllTheThings

  34 56,681 8.6 Python

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

• hackingtool

  13 42,733 6.7 Python

  ALL IN ONE Hacking Tool For Hackers

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• Ciphey

  27 17,000 2.9 Python

  ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

  

Project mention: CyberChef from GCHQ: The Cyber Swiss Army Knife | news.ycombinator.com | 2024-02-01

I also discovered Ciphey. Neat little tool indeed, but it's being deprecated. It's mentioned in this issue[1] and being replaced with Ares[2]. Neither could decipher this strange encryption[3] I used it on :(

[1] https://github.com/Ciphey/Ciphey/issues/764

[2] https://github.com/bee-san/Ares

[3] "dEFLWWFKQWxRQW16RnkvbTZML0lsdz09" original text is "hacker"

• spiderfoot

  19 11,723 6.6 Python

  SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

• owasp-mastg

  22 11,272 8.3 Python

  The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

  

Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03

• dirsearch

  12 11,213 7.9 Python

  Web path scanner

Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

• urh

  35 10,410 6.6 Python

  Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

Project mention: Flipper Zero: Multi-Tool Device for Geeks | news.ycombinator.com | 2024-01-21

>> or somewhat expensive and complex SDR

I don’t think that’s as accurate today as it used to be.

On the hardware side there are tons of options very cheaply available - iirc the flipper uses the c1100 (or a number like that) it’s a popular cheap chip and it’s well documented and interfaces easily with arduino.

More accessibly, lime mini SDRs are cheap but there’s quite a few alternatives too.

On the software side GNU Radio is free with decent tutorials - we’re not talking anything like blender levels of difficulty to adopt even if it is a complex domain.

Although on the more accessible side, urh is incredibly powerful given how easy to use it is https://github.com/jopohl/urh

I used the latter to tap into a 2 channel wireless bbq thermometer via a $10 rtl sdr and that was a breeze, an absolute walk in the park compared to when I reverse engineered the flysky telemetry system.

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• Osintgram

  32 8,703 1.9 Python

  Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Project mention: facebook hack | /r/Kalilinux | 2023-06-28

If the tattoo studios aren't necessary to have been from facebook specifically, Osintgram is a pretty effective tool for scraping shit from Instagram really quickly that could theoretically be used to achieve this, if not perhaps in a roundabout sort of way like starting from one business you know and getting shit from their friends' info and so on. I could swear that I had known about a similar tool for facebook, but I'm drawing a blank right now...

• hacktricks

  6 8,197 9.8 Python

  Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

  

Project mention: Where do you look for help when doing ctf | /r/Hacking_Tutorials | 2023-06-08

• trape

  12 7,919 0.0 Python

  People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Project mention: TRACK PEOPLE ON THE INTERNET: Learn to track your opps world, to avoid being traced | /r/make_money_online_vip | 2023-06-16

Github Link

• rengine

  4 6,737 9.5 Python

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21

I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.

• pyWhat

  16 6,352 0.0 Python

  🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

• caldera

  16 5,175 9.2 Python

  Automated Adversary Emulation Platform

  

Project mention: SOC Malware/Detection lab | /r/cybersecurity | 2023-07-03

Also, for the attack emulation part you might be interested in CALDERA.

• PhoneSploit-Pro

  1 4,177 6.2 Python

  An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

• h8mail

  11 3,884 0.0 Python

  Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Project mention: Search for sensitive data using theHarvester and h8mail tools | dev.to | 2023-12-01

• Villain

  2 3,563 7.7 Python

  Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

• bbot

  5 3,506 9.9 Python

  A recursive internet scanner for hackers.

  

Project mention: [GitHub Action]: Wrappers for sqlmap, bbot and nikto | /r/cybersecurity | 2023-05-29

Its not that much of a tool than wrappers of few awesome tools that most of you probably know and use today - sqlmap, bbot and nikto.

• pentest-wiki

  1 3,317 0.0 Python

  PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

• Raccoon

  4 2,993 0.0 Python

  A high performance offensive security tool for reconnaissance and vulnerability scanning

• hoaxshell

  6 2,886 2.1 Python

  A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Project mention: ExploitToolFinder | /r/hacking | 2023-06-16

• github-dorks

  2 2,647 3.5 Python

  Find leaked secrets via github search

Project mention: Information Disclosure | dev.to | 2024-04-01

Now, whenever we talk about source code the first thing that comes into mind is Github, we can also use Github Dorks to search secrets in the code, you will find useful search techniques in its cheatsheet, there is also a GitHub tool for that Github-Dorks.

• TorBot

  1 2,599 8.7 Python

  Dark Web OSINT Tool

  

• trackerjacker

  1 2,570 5.8 Python

  Like nmap for mapping wifi networks you're not connected to, plus device tracking

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python Hacking related posts

• NixThePlanet - Run macOS, Windows and more via a single Nix command + nixosModules
  3 projects | /r/NixOS | 9 Dec 2023
• php shell not executed in wordpress
  1 project | /r/hacking | 8 Dec 2023
• How to add a man page to your Ruby project, using kramdown-man and markdown
  2 projects | /r/ruby | 6 Dec 2023
• From email to phone number, a new OSINT approach
  1 project | news.ycombinator.com | 16 Nov 2023
• XXE-XML External Entities Attacks
  2 projects | dev.to | 25 Oct 2023
• 1.6 GHz is a known interstellar communication signal?
  1 project | /r/skinwalkerranch | 12 Jul 2023
• Newcomer to programming & cybersecurity, I've created a Python-based malware project: password theft, browser history retrieval, system info gathering, keystroke collection, public IP retrieval. It's purely educational, not promoting harm or endorsing unethical actions. Feedback appreciated.
  1 project | /r/programming | 9 Jul 2023
• A note from our sponsor - WorkOS
  workos.com | 27 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!