Top 23 Python Penetration Testing Projects

• PayloadsAllTheThings

  18 48,135 6.7 Python

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Project mention: Becoming a security researcher. Help with a realistic timeline? | /r/AskNetsec | 2023-05-17

  - https://github.com/swisskyrepo/PayloadsAllTheThings - https://book.hacktricks.xyz/welcome/readme

• dirsearch

  5 9,747 8.2 Python

  Web path scanner

  Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22

  DirSearch

• Sonar

  www.sonarsource.com

  sponsored

  Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  

• setoolkit

  4 8,947 0.0 Python

  The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

  

  Project mention: any tips for using SET toolkit? | /r/hacking | 2023-05-31

• fsociety

  0 8,570 0.0 Python

  fsociety Hacking Tools Pack – A Penetration Testing Framework

• Osintgram

  13 6,796 0.0 Python

  Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

  Project mention: Historical usernames on Instagram | /r/OSINT | 2023-06-05

  Doing this manually has many advantages, but you can, of course, use Osintgram for speedy results.

• monkey

  2 6,184 10.0 Python

  Infection Monkey - An open-source adversary emulation platform

  

  Project mention: Kaseya Acquired Vonahi Security | /r/msp | 2023-04-25

• faraday

  5 3,971 9.6 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

  Project mention: Penetration Testing Report | /r/Pentesting | 2022-12-20

  or you can also use our open source version: https://github.com/infobyte/faraday

• InfluxDB

  www.influxdata.com

  sponsored

  Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  

• PentestGPT

  16 3,820 9.2 Python

  A GPT-empowered penetration testing tool

  Project mention: PentestGPT: GPT-Powered Penetration Testing | news.ycombinator.com | 2023-06-02

• pacu

  0 3,432 0.0 Python

  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

  

• Villain

  2 2,843 10.0 Python

  Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

  Project mention: Is MSF Venom - Metasploit a good investment for the long run in terms of RATs? | /r/Hacking_Tutorials | 2022-12-28

  Villain (recommend) https://github.com/t3l3machus/Villain

• PhoneSploit-Pro

  1 2,826 10.0 Python

  An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

  Project mention: PhoneSploit Pro | dev.to | 2023-01-25

  PhoneSploit Pro It is a Cybersecurity tool using which you can test the security of your Android devices.

• hoaxshell

  5 2,429 8.1 Python

  A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

  Project mention: HoaxShell Beta - Integrated with RevShells.com | /r/hacking | 2023-02-17

• Astra

  1 2,245 0.0 Python

  Automated Security Testing For REST API's

  

  Project mention: Good tools for security testing after authentication? | /r/softwaretesting | 2022-06-29

  I want to work through testing scenarios where a malicious user has valid login info and is trying to expose other users' data. Are there any good tools for testing that? I found Astra but it looks like it hasn't been updated in years. Any tutorials or guides would also be much appreciated. Thanks!

• malicious-pdf

  2 2,160 0.0 Python

  💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

  Project mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30

  Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf

• Reconnoitre

  1 2,027 0.0 Python

  A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  Project mention: IT Pro Tuesday #223 - iOS Shell, SharePoint Shortcuts, Multithreaded Info Collector & More | /r/ITProTuesday | 2022-10-18

  Reconnoitre is an open-source SNMP tool that collects multithreaded information and service enumeration. hombre_sabio sees it as "a robust security solution… It builds directories for IT structures that store results from various sources. It automates collecting information using suggested commands and directory structures."

• owasp-masvs

  2 1,746 4.1 Python

  The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  

  Project mention: OWASP MASVS v2.0.0 is out! | /r/cybersecurity | 2023-04-01

• rapidscan

  0 1,435 0.0 Python

  :new: The Multi-Tool Web Vulnerability Scanner.

  

• evillimiter

  3 1,269 0.0 Python

  Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

  Project mention: ULPT Request. I have my asshole neighbor's wifi password. Is there a way to make it painfully slow for them to use? | /r/UnethicalLifeProTips | 2022-11-16

  evillimiter

• Lockdoor-Framework

  0 1,149 0.0 Python

  🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

• cloud_enum

  2 1,121 2.7 Python

  Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

  Project mention: initstring/cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. | /r/PrivateCyberMiliTec | 2022-11-03

• Interlace

  0 1,077 0.0 Python

  Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

• Ghostwriter

  0 945 8.3 Python

  The SpecterOps project management and reporting engine (by GhostManager)

  

• passphrase-wordlist

  0 942 0.0 Python

  Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

• SaaSHub

  www.saashub.com

  sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python Penetration Testing related posts

• PentestGPT: GPT-Powered Penetration Testing
  1 project | news.ycombinator.com | 2 Jun 2023
• any tips for using SET toolkit?
  2 projects | /r/hacking | 31 May 2023
• New Attack Surface Discovery tool : OrgASM
  1 project | /r/cybersecurity | 31 May 2023
• Securing PDF Generators Against SSRF Vulnerabilities
  1 project | /r/netsec | 30 May 2023
• Fundamental LangChain Question
  4 projects | /r/LangChain | 18 May 2023
• Why are so many people vastly underestimating AI?
  3 projects | /r/artificial | 18 May 2023
• Hackathon Ideas? Gen AI
  5 projects | /r/hackathon | 11 May 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 6 Jun 2023

  Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!