InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →
Top 23 Python Hacking Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: List of Useful Payloads and Bypass for Web Application Security and Pentest/CTF | news.ycombinator.com | 2025-03-14 -
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
-
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
-
Project mention: SpiderFoot automates OSINT for threat intelligence | news.ycombinator.com | 2024-07-03
Some would disagree with that statement: <https://github.com/smicallef/spiderfoot/issues>
The little development on the project is probably due to it's age.
-
-
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
The OWASP Mobile Application Security (MAS) flagship project provides a robust security standard for mobile apps, known as the OWASP MASVS, along with a comprehensive testing guide (OWASP MASTG). These resources cover the processes, techniques, and tools used during a mobile app security test, ensuring consistent and complete results.
-
You don't need a license to explore and have fun.
Cheap, firmware hackable HTs are hawt, in particular the Quansheng UV-K5,K6.
Tons of SDR receivers out there to explore, and many extremely exiting transceiver projects out there also. Just so much:
https://github.com/jopohl/urh
http://websdr.org/
http://kiwisdr.com/public/
https://meshtastic.org/docs/hardware/devices/
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
Osintgram
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
-
bbot is a recursive internet scanner that supports Python-based modules.
-
-
pyWhat
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Project mention: pyWhat VS binwalk - a user suggested alternative | libhunt.com/r/pyWhat | 2024-07-19 -
-
PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
-
h8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
-
NOTE: The last time I rooted this machine, it was July 2023. At time of editing, (July 2024), CrackMapExec has been deprecated, and it's generally recommended to use NetExec (NXC). The syntax should be very similar, and it should get you through this portion of the writeup.
-
Villain
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
-
pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
-
-
hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
-
-
Ghost
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. (by EntySec)
-
-
Project mention: trackerjacker VS kismet - a user suggested alternative | libhunt.com/r/trackerjacker | 2024-10-13
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Python Hacking discussion
Python Hacking related posts
-
List of Useful Payloads and Bypass for Web Application Security and Pentest/CTF
-
Blacklanternsecurity / Bbot
-
Show HN: Outcheckr- Webpage outbound link enumerator with threading
-
Outcheckr- A webpage outbound link enumerator with threading support
-
trackerjacker VS kismet - a user suggested alternative
2 projects | 13 Oct 2024 -
PayloadsAllTheThings: Essential Payloads and Bypass for Web Security and CTFs
-
pyWhat VS binwalk - a user suggested alternative
2 projects | 19 Jul 2024 -
A note from our sponsor - InfluxDB
www.influxdata.com | 14 May 2025
Index
What are some of the best open-source Hacking projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | PayloadsAllTheThings | 65,299 |
2 | hackingtool | 52,383 |
3 | Ciphey | 19,090 |
4 | spiderfoot | 14,316 |
5 | dirsearch | 12,873 |
6 | owasp-mastg | 12,181 |
7 | urh | 11,485 |
8 | Osintgram | 10,660 |
9 | bbot | 8,437 |
10 | trape | 8,285 |
11 | pyWhat | 6,866 |
12 | caldera | 6,126 |
13 | PhoneSploit-Pro | 5,076 |
14 | h8mail | 4,437 |
15 | NetExec | 4,150 |
16 | Villain | 4,074 |
17 | pentest-wiki | 3,535 |
18 | TorBot | 3,277 |
19 | hoaxshell | 3,224 |
20 | Raccoon | 3,183 |
21 | Ghost | 3,039 |
22 | github-dorks | 2,939 |
23 | trackerjacker | 2,672 |