Top 23 Python Penetration Testing Projects

• PayloadsAllTheThings

  34 56,534 8.6 Python

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

• dirsearch

  12 11,179 7.9 Python

  Web path scanner

Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• setoolkit

  8 10,196 0.0 Python

  The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

  

Project mention: Ask HN: Resources for College Cybersecurity Club? | news.ycombinator.com | 2023-08-27

[2] https://github.com/trustedsec/social-engineer-toolkit

• fsociety

  2 10,071 0.0 Python

  fsociety Hacking Tools Pack – A Penetration Testing Framework

• Osintgram

  32 8,658 1.9 Python

  Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Project mention: facebook hack | /r/Kalilinux | 2023-06-28

If the tattoo studios aren't necessary to have been from facebook specifically, Osintgram is a pretty effective tool for scraping shit from Instagram really quickly that could theoretically be used to achieve this, if not perhaps in a roundabout sort of way like starting from one business you know and getting shit from their friends' info and so on. I could swear that I had known about a similar tool for facebook, but I'm drawing a blank right now...

• rengine

  4 6,685 9.6 Python

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21

I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.

• monkey

  5 6,476 10.0 Python

  Infection Monkey - An open-source adversary emulation platform

  

Project mention: Security Audit Scan | /r/msp | 2023-06-14

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• PentestGPT

  18 6,311 8.6 Python

  A GPT-empowered penetration testing tool

Project mention: PentestGPT | news.ycombinator.com | 2023-06-18

• faraday

  8 4,600 5.0 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

• PhoneSploit-Pro

  1 4,165 7.4 Python

  An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

• pacu

  10 4,005 8.8 Python

  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

  

Project mention: De um mimo até a elevação de privilégios na Cloud | dev.to | 2023-07-27

Pra isso, usei a belíssima ferramenta Pacu https://github.com/RhinoSecurityLabs/pacu.

• Villain

  2 3,561 7.7 Python

  Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

• hoaxshell

  6 2,880 3.3 Python

  A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Project mention: ExploitToolFinder | /r/hacking | 2023-06-16

• malicious-pdf

  13 2,585 0.0 Python

  💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Project mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30

Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf

• Astra

  2 2,421 0.0 Python

  Automated Security Testing For REST API's

  

• slowloris

  3 2,333 2.8 Python

  Low bandwidth DoS tool. Slowloris rewrite in Python.

• Reconnoitre

  2 2,065 0.0 Python

  A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

• owasp-masvs

  10 1,943 5.6 Python

  The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  

Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03

https://github.com/OWASP/owasp-masvs :

> The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

• rapidscan

  1 1,649 4.1 Python

  :new: The Multi-Tool Web Vulnerability Scanner.

  

• evillimiter

  11 1,478 0.0 Python

  Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

• cloud_enum

  2 1,462 2.8 Python

  Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

• inql

  3 1,455 5.9 Python

  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  

• Lockdoor-Framework

  2 1,291 2.7 Python

  🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python Penetration Testing related posts

• nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled
  1 project | /r/bugbountybeginner | 8 Sep 2023
• Ask HN: Resources for College Cybersecurity Club?
  1 project | news.ycombinator.com | 27 Aug 2023
• De um mimo até a elevação de privilégios na Cloud
  1 project | dev.to | 27 Jul 2023
• PentestGPT
  1 project | news.ycombinator.com | 18 Jun 2023
• PentestGPT, a gpt-powered penetration testing tool, open source
  1 project | /r/netsec | 18 Jun 2023
• ExploitToolFinder
  2 projects | /r/hacking | 16 Jun 2023
• Security Audit Scan
  1 project | /r/msp | 14 Jun 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 19 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!