Top 23 Python Penetration Testing Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: List of Useful Payloads and Bypass for Web Application Security and Pentest/CTF | news.ycombinator.com | 2025-03-14
-
setoolkit
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
-
Osintgram
Osintgram is an OSINT tool on Instagram. It offers an interactive shell to perform analysis on the Instagram account of any user by its nickname.
-
PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
-
pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Project mention: Attacking Misconfigured Amazon Cognito: Zero-Click Account Takeover | dev.to | 2025-02-17
Using the console command in the Pacu Framework we can scale access to the AWS console in the browser, making exploration easier.
-
Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Project mention: Nettacker: Open-Source Automated Penetration Testing and Vulnerability Scanner | news.ycombinator.com | 2024-09-03
-
Villain
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
-
hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
-
malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
-
owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
-
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
-
SysReptor
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
-
- Utilize tools like **[Cloud_Enum](https://github.com/initstring/cloud_enum)** to perform a broad search across multiple cloud providers (AWS, Azure, GCP) for assets related to the target organization. This tool helps discover storage buckets, cloud functions, and other publicly exposed resources.
-
evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Python Penetration Testing related posts
-
Attacking Misconfigured Amazon Cognito: Zero-Click Account Takeover
-
Always keep this hacking technique in mind
-
Pentesting AWS VPCs: Identifying and Mitigating Risks
-
nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled
-
Ask HN: Resources for College Cybersecurity Club?
-
De um mimo até a elevação de privilégios na Cloud
-
PentestGPT
Index
What are some of the best open-source Penetration Testing projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | PayloadsAllTheThings | 67,624 |
2 | dirsearch | 13,080 |
3 | setoolkit | 12,109 |
4 | fsociety | 11,310 |
5 | Osintgram | 10,960 |
6 | PentestGPT | 8,475 |
7 | monkey | 6,821 |
8 | faraday | 5,516 |
9 | PhoneSploit-Pro | 5,076 |
10 | pacu | 4,767 |
11 | Nettacker | 4,303 |
12 | Villain | 4,155 |
13 | hoaxshell | 3,272 |
14 | malicious-pdf | 3,070 |
15 | Astra | 2,579 |
16 | slowloris | 2,571 |
17 | owasp-masvs | 2,192 |
18 | Reconnoitre | 2,159 |
19 | SysReptor | 2,011 |
20 | cloud_enum | 1,868 |
21 | rapidscan | 1,861 |
22 | evillimiter | 1,737 |
23 | Ghostwriter | 1,556 |