Python Hacking

Open-source Python projects categorized as Hacking

Top 23 Python Hacking Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

    Also I'm sure there's a few test php files in here for filter bypasses too

  • Scout Monitoring

    Free Django app performance insights with Scout Monitoring. Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in is all you need to start monitoring your apps. Sign up for our free tier today.

    Scout Monitoring logo
  • hackingtool

    ALL IN ONE Hacking Tool For Hackers

  • Ciphey

    ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

    Project mention: CyberChef from GCHQ: The Cyber Swiss Army Knife | | 2024-02-01

    I also discovered Ciphey. Neat little tool indeed, but it's being deprecated. It's mentioned in this issue[1] and being replaced with Ares[2]. Neither could decipher this strange encryption[3] I used it on :(



    [3] "dEFLWWFKQWxRQW16RnkvbTZML0lsdz09" original text is "hacker"

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: SpiderFoot automates OSINT for threat intelligence | | 2024-07-03

    Some would disagree with that statement: <>

      The little development on the project is probably due to it's age.

  • dirsearch

    Web path scanner

    Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch ( allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "", "", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • owasp-mastg

    The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

    Project mention: More ways to identify independently security tested apps on Google Play | | 2023-11-03
  • urh

    Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

    Project mention: Goodwatch – A Ham Radio Wristwatch | | 2024-07-03

    You don't need a license to explore and have fun.

    Cheap, firmware hackable HTs are hawt, in particular the Quansheng UV-K5,K6.

    Tons of SDR receivers out there to explore, and many extremely exiting transceiver projects out there also. Just so much:

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • Osintgram

    Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

  • hacktricks

    Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

  • trape

    People tracker on the Internet: OSINT analysis and research tool by Jose Pino

  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

  • caldera

    Automated Adversary Emulation Platform

  • PhoneSploit-Pro

    An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

  • bbot

    A recursive internet scanner for hackers.

  • h8mail

    Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

    Project mention: Search for sensitive data using theHarvester and h8mail tools | | 2023-12-01
  • Villain

    Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

  • pentest-wiki

    PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

  • Raccoon

    A high performance offensive security tool for reconnaissance and vulnerability scanning

  • hoaxshell

    A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

  • TorBot

    Dark Web OSINT Tool

  • github-dorks

    Find leaked secrets via github search

    Project mention: Information Disclosure | | 2024-04-01

    Now, whenever we talk about source code the first thing that comes into mind is Github, we can also use Github Dorks to search secrets in the code, you will find useful search techniques in its cheatsheet, there is also a GitHub tool for that Github-Dorks.

  • Ghost

    Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. (by EntySec)

  • trackerjacker

    Like nmap for mapping wifi networks you're not connected to, plus device tracking

    Project mention: Surveilling the Masses with Wi-Fi-Based Positioning Systems | | 2024-05-27

    I published an open-source tool several years ago which helps map out the wifi world:

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Python Hacking discussion

Log in or Post with

Python Hacking related posts

  • Hack The Box Writeup: Heist

    4 projects | | 5 Jul 2024
  • Surveilling the Masses with Wi-Fi-Based Positioning Systems

    4 projects | | 27 May 2024
  • NixThePlanet - Run macOS, Windows and more via a single Nix command + nixosModules

    3 projects | /r/NixOS | 9 Dec 2023
  • php shell not executed in wordpress

    1 project | /r/hacking | 8 Dec 2023
  • How to add a man page to your Ruby project, using kramdown-man and markdown

    2 projects | /r/ruby | 6 Dec 2023
  • From email to phone number, a new OSINT approach

    1 project | | 16 Nov 2023
  • XXE-XML External Entities Attacks

    2 projects | | 25 Oct 2023
  • A note from our sponsor - Scout Monitoring | 18 Jul 2024
    Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in is all you need to start monitoring your apps. Sign up for our free tier today. Learn more →


What are some of the best open-source Hacking projects in Python? This list will help you:

Project Stars
1 PayloadsAllTheThings 58,386
2 hackingtool 43,591
3 Ciphey 17,503
4 spiderfoot 12,312
5 dirsearch 11,599
6 owasp-mastg 11,458
7 urh 10,641
8 Osintgram 9,200
9 hacktricks 8,507
10 trape 7,974
11 pyWhat 6,470
12 caldera 5,364
13 PhoneSploit-Pro 4,467
14 bbot 4,105
15 h8mail 4,036
16 Villain 3,633
17 pentest-wiki 3,374
18 Raccoon 3,034
19 hoaxshell 2,947
20 TorBot 2,745
21 github-dorks 2,701
22 Ghost 2,676
23 trackerjacker 2,612

Free Django app performance insights with Scout Monitoring
Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in is all you need to start monitoring your apps. Sign up for our free tier today.