Python Penetration Testing

Open-source Python projects categorized as Penetration Testing

Top 23 Python Penetration Testing Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Becoming a security researcher. Help with a realistic timeline? | /r/AskNetsec | 2023-05-17

    - -

  • dirsearch

    Web path scanner

    Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22


  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  • setoolkit

    The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

    Project mention: any tips for using SET toolkit? | /r/hacking | 2023-05-31
  • fsociety

    fsociety Hacking Tools Pack – A Penetration Testing Framework

  • Osintgram

    Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

    Project mention: Historical usernames on Instagram | /r/OSINT | 2023-06-05

    Doing this manually has many advantages, but you can, of course, use Osintgram for speedy results.

  • monkey

    Infection Monkey - An open-source adversary emulation platform

    Project mention: Kaseya Acquired Vonahi Security | /r/msp | 2023-04-25
  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

    Project mention: Penetration Testing Report | /r/Pentesting | 2022-12-20

    or you can also use our open source version:

  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • PentestGPT

    A GPT-empowered penetration testing tool

    Project mention: PentestGPT: GPT-Powered Penetration Testing | | 2023-06-02
  • pacu

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

  • Villain

    Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

    Project mention: Is MSF Venom - Metasploit a good investment for the long run in terms of RATs? | /r/Hacking_Tutorials | 2022-12-28

    Villain (recommend)

  • PhoneSploit-Pro

    An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

    Project mention: PhoneSploit Pro | | 2023-01-25

    PhoneSploit Pro It is a Cybersecurity tool using which you can test the security of your Android devices.

  • hoaxshell

    A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

    Project mention: HoaxShell Beta - Integrated with | /r/hacking | 2023-02-17
  • Astra

    Automated Security Testing For REST API's

    Project mention: Good tools for security testing after authentication? | /r/softwaretesting | 2022-06-29

    I want to work through testing scenarios where a malicious user has valid login info and is trying to expose other users' data. Are there any good tools for testing that? I found Astra but it looks like it hasn't been updated in years. Any tutorials or guides would also be much appreciated. Thanks!

  • malicious-pdf

    💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or

    Project mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30

    Wrote a tool two years ago that does some of the PDF-tests. But more could be added:

  • Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

    Project mention: IT Pro Tuesday #223 - iOS Shell, SharePoint Shortcuts, Multithreaded Info Collector & More | /r/ITProTuesday | 2022-10-18

    Reconnoitre is an open-source SNMP tool that collects multithreaded information and service enumeration. hombre_sabio sees it as "a robust security solution… It builds directories for IT structures that store results from various sources. It automates collecting information using suggested commands and directory structures."

  • owasp-masvs

    The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

    Project mention: OWASP MASVS v2.0.0 is out! | /r/cybersecurity | 2023-04-01
  • rapidscan

    :new: The Multi-Tool Web Vulnerability Scanner.

  • evillimiter

    Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

    Project mention: ULPT Request. I have my asshole neighbor's wifi password. Is there a way to make it painfully slow for them to use? | /r/UnethicalLifeProTips | 2022-11-16


  • Lockdoor-Framework

    🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

  • cloud_enum

    Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

    Project mention: initstring/cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. | /r/PrivateCyberMiliTec | 2022-11-03
  • Interlace

    Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

  • Ghostwriter

    The SpecterOps project management and reporting engine (by GhostManager)

  • passphrase-wordlist

    Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-06-05.

Python Penetration Testing related posts


What are some of the best open-source Penetration Testing projects in Python? This list will help you:

Project Stars
1 PayloadsAllTheThings 48,135
2 dirsearch 9,747
3 setoolkit 8,947
4 fsociety 8,570
5 Osintgram 6,796
6 monkey 6,184
7 faraday 3,971
8 PentestGPT 3,820
9 pacu 3,432
10 Villain 2,843
11 PhoneSploit-Pro 2,826
12 hoaxshell 2,429
13 Astra 2,245
14 malicious-pdf 2,160
15 Reconnoitre 2,027
16 owasp-masvs 1,746
17 rapidscan 1,435
18 evillimiter 1,269
19 Lockdoor-Framework 1,149
20 cloud_enum 1,121
21 Interlace 1,077
22 Ghostwriter 945
23 passphrase-wordlist 942
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives