SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Python Penetration Testing Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
setoolkit
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
-
Osintgram
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
-
pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
-
Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
-
hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
-
malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
-
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
-
owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
-
evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
-
inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
-
Lockdoor-Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
Project mention: Ask HN: Resources for College Cybersecurity Club? | news.ycombinator.com | 2023-08-27[2] https://github.com/trustedsec/social-engineer-toolkit
If the tattoo studios aren't necessary to have been from facebook specifically, Osintgram is a pretty effective tool for scraping shit from Instagram really quickly that could theoretically be used to achieve this, if not perhaps in a roundabout sort of way like starting from one business you know and getting shit from their friends' info and so on. I could swear that I had known about a similar tool for facebook, but I'm drawing a blank right now...
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
Pra isso, usei a belíssima ferramenta Pacu https://github.com/RhinoSecurityLabs/pacu.
Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf
Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03https://github.com/OWASP/owasp-masvs :
> The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Python Penetration Testing related posts
- nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled
- Ask HN: Resources for College Cybersecurity Club?
- De um mimo até a elevação de privilégios na Cloud
- PentestGPT
- PentestGPT, a gpt-powered penetration testing tool, open source
- ExploitToolFinder
- Security Audit Scan
-
A note from our sponsor - SaaSHub
www.saashub.com | 19 Apr 2024
Index
What are some of the best open-source Penetration Testing projects in Python? This list will help you:
Project | Stars | |
---|---|---|
1 | PayloadsAllTheThings | 56,534 |
2 | dirsearch | 11,179 |
3 | setoolkit | 10,196 |
4 | fsociety | 10,071 |
5 | Osintgram | 8,658 |
6 | rengine | 6,685 |
7 | monkey | 6,476 |
8 | PentestGPT | 6,311 |
9 | faraday | 4,600 |
10 | PhoneSploit-Pro | 4,165 |
11 | pacu | 4,005 |
12 | Villain | 3,561 |
13 | hoaxshell | 2,880 |
14 | malicious-pdf | 2,585 |
15 | Astra | 2,421 |
16 | slowloris | 2,333 |
17 | Reconnoitre | 2,065 |
18 | owasp-masvs | 1,943 |
19 | rapidscan | 1,649 |
20 | evillimiter | 1,478 |
21 | cloud_enum | 1,462 |
22 | inql | 1,455 |
23 | Lockdoor-Framework | 1,291 |