Top 23 Python Penetration Testing Projects

Penetration Testing

• Add a project

1. PayloadsAllTheThings

   1 36 67,624 8.8 Python

   A list of useful payloads and bypass for Web Application Security and Pentest/CTF

   

   Project mention: List of Useful Payloads and Bypass for Web Application Security and Pentest/CTF | news.ycombinator.com | 2025-03-14

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. dirsearch

   2 12 13,080 8.3 Python

   Web path scanner

   

4. setoolkit

   3 8 12,109 6.2 Python

   The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

   

5. fsociety

   4 2 11,310 0.0 Python

   fsociety Hacking Tools Pack – A Penetration Testing Framework

   

6. Osintgram

   5 32 10,960 0.9 Python

   Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

   

7. PentestGPT

   6 18 8,475 4.4 Python

   A GPT-empowered penetration testing tool

   

8. monkey

   7 5 6,821 9.1 Python

   Infection Monkey - An open-source adversary emulation platform

   

9. Stream

   getstream.io featured

   Stream - Scalable APIs for Chat, Feeds, Moderation, & Video. Stream helps developers build engaging apps that scale to millions with performant and flexible Chat, Feeds, Moderation, and Video APIs and SDKs powered by a global edge network and enterprise-grade infrastructure.

   

10. faraday

    8 8 5,516 2.7 Python

    Open Source Vulnerability Management Platform (by infobyte)

    

11. PhoneSploit-Pro

    9 1 5,076 6.2 Python

    An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

    

12. pacu

    10 14 4,767 7.8 Python

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

    

    Project mention: Attacking Misconfigured Amazon Cognito: Zero-Click Account Takeover | dev.to | 2025-02-17

    Using the console command in the Pacu Framework we can scale access to the AWS console in the browser, making exploration easier.

13. Nettacker

    11 1 4,303 9.1 Python

    Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

    

    Project mention: Nettacker: Open-Source Automated Penetration Testing and Vulnerability Scanner | news.ycombinator.com | 2024-09-03

14. Villain

    12 2 4,155 8.4 Python

    Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

    

15. hoaxshell

    13 6 3,272 5.6 Python

    A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

    

16. malicious-pdf

    14 13 3,070 6.5 Python

    💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

    

17. Astra

    15 2 2,579 3.4 Python

    Automated Security Testing For REST API's

    

18. slowloris

    16 3 2,571 0.0 Python

    Low bandwidth DoS tool. Slowloris rewrite in Python.

    

19. owasp-masvs

    17 10 2,192 3.3 Python

    The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

    

20. Reconnoitre

    18 2 2,159 0.0 Python

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

    

21. SysReptor

    19 3 2,011 9.8 Python

    A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

    

22. cloud_enum

    20 3 1,868 4.1 Python

    Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

    

    Project mention: 🐞 Comprehensive Bug Bounty Hunting Methodology | dev.to | 2025-06-01

    - Utilize tools like **[Cloud_Enum](https://github.com/initstring/cloud_enum)** to perform a broad search across multiple cloud providers (AWS, Azure, GCP) for assets related to the target organization. This tool helps discover storage buckets, cloud functions, and other publicly exposed resources.

23. rapidscan

    21 1 1,861 4.1 Python

    :new: The Multi-Tool Web Vulnerability Scanner.

    

24. evillimiter

    22 11 1,737 0.0 Python

    Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

    

25. Ghostwriter

    23 2 1,556 9.5 Python

    The SpecterOps project management and reporting engine (by GhostManager)

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Python Penetration Testing related posts

• Attacking Misconfigured Amazon Cognito: Zero-Click Account Takeover

  1 project | dev.to | 17 Feb 2025

• Always keep this hacking technique in mind

  1 project | dev.to | 16 Feb 2025

• Pentesting AWS VPCs: Identifying and Mitigating Risks

  2 projects | dev.to | 3 Aug 2024

• nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled

  1 project | /r/bugbountybeginner | 8 Sep 2023

• Ask HN: Resources for College Cybersecurity Club?

  1 project | news.ycombinator.com | 27 Aug 2023

• De um mimo até a elevação de privilégios na Cloud

  1 project | dev.to | 27 Jul 2023

• PentestGPT

  1 project | news.ycombinator.com | 18 Jun 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 10 Jul 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Python projects with our weekly report!