Top 23 Python Penetration Testing Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: Becoming a security researcher. Help with a realistic timeline? | /r/AskNetsec | 2023-05-17
https://github.com/swisskyrepo/PayloadsAllTheThings - https://book.hacktricks.xyz/welcome/readme
-
Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22
DirSearch
-
setoolkit
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
-
Osintgram
Osintgram is an OSINT tool on Instagram. It offers an interactive shell to perform analysis on the Instagram account of any user by its nickname.
Doing this manually has many advantages, but you can, of course, use Osintgram for speedy results.
-
or you can also use our open source version: https://github.com/infobyte/faraday
-
pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
-
Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Project mention: Is MSF Venom - Metasploit a good investment for the long run in terms of RATs? | /r/Hacking_Tutorials | 2022-12-28
Villain (recommend) https://github.com/t3l3machus/Villain
-
PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
PhoneSploit Pro is a cybersecurity tool with which you can test the security of your Android devices.
-
hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
-
Project mention: Good tools for security testing after authentication? | /r/softwaretesting | 2022-06-29
I want to work through testing scenarios where a malicious user has valid login info and is trying to expose other users' data. Are there any good tools for testing that? I found Astra but it looks like it hasn't been updated in years. Any tutorials or guides would also be much appreciated. Thanks!
-
malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf
-
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Project mention: IT Pro Tuesday #223 - iOS Shell, SharePoint Shortcuts, Multithreaded Info Collector & More | /r/ITProTuesday | 2022-10-18
Reconnoitre is an open-source SNMP tool that collects multithreaded information and service enumeration. hombre_sabio sees it as "a robust security solution… It builds directories for IT structures that store results from various sources. It automates collecting information using suggested commands and directory structures."
-
owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
-
evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Project mention: ULPT Request. I have my asshole neighbor's wifi password. Is there a way to make it painfully slow for them to use? | /r/UnethicalLifeProTips | 2022-11-16
evillimiter
-
Lockdoor-Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
-
Project mention: initstring/cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. | /r/PrivateCyberMiliTec | 2022-11-03
-
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
-
passphrase-wordlist
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Python Penetration Testing related posts
- PentestGPT: GPT-Powered Penetration Testing
- any tips for using SET toolkit?
- New Attack Surface Discovery tool : OrgASM
- Securing PDF Generators Against SSRF Vulnerabilities
- Fundamental LangChain Question
- Why are so many people vastly underestimating AI?
- Hackathon Ideas? Gen AI
Index
What are some of the best open-source Penetration Testing projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | PayloadsAllTheThings | 48,135 |
2 | dirsearch | 9,747 |
3 | setoolkit | 8,947 |
4 | fsociety | 8,570 |
5 | Osintgram | 6,796 |
6 | monkey | 6,184 |
7 | faraday | 3,971 |
8 | PentestGPT | 3,820 |
9 | pacu | 3,432 |
10 | Villain | 2,843 |
11 | PhoneSploit-Pro | 2,826 |
12 | hoaxshell | 2,429 |
13 | Astra | 2,245 |
14 | malicious-pdf | 2,160 |
15 | Reconnoitre | 2,027 |
16 | owasp-masvs | 1,746 |
17 | rapidscan | 1,435 |
18 | evillimiter | 1,269 |
19 | Lockdoor-Framework | 1,149 |
20 | cloud_enum | 1,121 |
21 | Interlace | 1,077 |
22 | Ghostwriter | 945 |
23 | passphrase-wordlist | 942 |