Python Penetration Testing

Open-source Python projects categorized as Penetration Testing

Top 23 Python Penetration Testing Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

    Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

    Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

  • dirsearch

    Web path scanner

    Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc. and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • setoolkit

    The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

    Project mention: Ask HN: Resources for College Cybersecurity Club? | news.ycombinator.com | 2023-08-27

    [2] https://github.com/trustedsec/social-engineer-toolkit

  • fsociety

    fsociety Hacking Tools Pack – A Penetration Testing Framework

  • Osintgram

    Osintgram is an OSINT tool for Instagram. It offers an interactive shell to perform analysis on the Instagram account of any user by nickname.

  • PentestGPT

    A GPT-empowered penetration testing tool

  • monkey

    Infection Monkey - An open-source adversary emulation platform

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • PhoneSploit-Pro

    An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

  • pacu

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

    Project mention: AWS Open Source Newsletter, June Edition | dev.to | 2024-06-25
  • Villain

    Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

  • hoaxshell

    A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

  • malicious-pdf

    💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

  • Astra

    Automated Security Testing For REST APIs

  • slowloris

    Low bandwidth DoS tool. Slowloris rewrite in Python.

  • Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  • owasp-masvs

    The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

    Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03

    https://github.com/OWASP/owasp-masvs :

    > The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  • rapidscan

    The Multi-Tool Web Vulnerability Scanner.

  • cloud_enum

    Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

  • evillimiter

    Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

  • inql

    InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  • Lockdoor-Framework

    🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

  • SysReptor

    Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python Penetration Testing related posts

  • nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled

    1 project | /r/bugbountybeginner | 8 Sep 2023
  • Ask HN: Resources for College Cybersecurity Club?

    1 project | news.ycombinator.com | 27 Aug 2023
  • From a small gift to privilege escalation in the cloud

    1 project | dev.to | 27 Jul 2023
  • PentestGPT

    1 project | news.ycombinator.com | 18 Jun 2023
  • PentestGPT, a gpt-powered penetration testing tool, open source

    1 project | /r/netsec | 18 Jun 2023
  • ExploitToolFinder

    2 projects | /r/hacking | 16 Jun 2023
  • Security Audit Scan

    1 project | /r/msp | 14 Jun 2023

Index

What are some of the best open-source Penetration Testing projects in Python? This list will help you:

Rank Project Stars
1 PayloadsAllTheThings 58,386
2 dirsearch 11,599
3 setoolkit 10,504
4 fsociety 10,310
5 Osintgram 9,200
6 PentestGPT 6,706
7 monkey 6,564
8 faraday 4,713
9 PhoneSploit-Pro 4,467
10 pacu 4,198
11 Villain 3,633
12 hoaxshell 2,947
13 malicious-pdf 2,763
14 Astra 2,457
15 slowloris 2,383
16 Reconnoitre 2,081
17 owasp-masvs 1,975
18 rapidscan 1,697
19 cloud_enum 1,551
20 evillimiter 1,537
21 inql 1,494
22 Lockdoor-Framework 1,312
23 SysReptor 1,265
