Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression. Learn more →
Top 23 Python Penetration Testing Projects
A list of useful payloads and bypass for Web Application Security and Pentest/CTFProject mention: Becoming a security researcher. Help with a realistic timeline? | /r/AskNetsec | 2023-05-17
- https://github.com/swisskyrepo/PayloadsAllTheThings - https://book.hacktricks.xyz/welcome/readme
Web path scannerProject mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
fsociety Hacking Tools Pack – A Penetration Testing Framework
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nicknameProject mention: Historical usernames on Instagram | /r/OSINT | 2023-06-05
Doing this manually has many advantages, but you can, of course, use Osintgram for speedy results.
Infection Monkey - An open-source adversary emulation platformProject mention: Kaseya Acquired Vonahi Security | /r/msp | 2023-04-25
Open Source Vulnerability Management Platform (by infobyte)Project mention: Penetration Testing Report | /r/Pentesting | 2022-12-20
or you can also use our open source version: https://github.com/infobyte/faraday
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
A GPT-empowered penetration testing toolProject mention: PentestGPT: GPT-Powered Penetration Testing | news.ycombinator.com | 2023-06-02
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).Project mention: Is MSF Venom - Metasploit a good investment for the long run in terms of RATs? | /r/Hacking_Tutorials | 2022-12-28
Villain (recommend) https://github.com/t3l3machus/Villain
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.Project mention: PhoneSploit Pro | dev.to | 2023-01-25
PhoneSploit Pro It is a Cybersecurity tool using which you can test the security of your Android devices.
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.Project mention: HoaxShell Beta - Integrated with RevShells.com | /r/hacking | 2023-02-17
Automated Security Testing For REST API'sProject mention: Good tools for security testing after authentication? | /r/softwaretesting | 2022-06-29
I want to work through testing scenarios where a malicious user has valid login info and is trying to expose other users' data. Are there any good tools for testing that? I found Astra but it looks like it hasn't been updated in years. Any tutorials or guides would also be much appreciated. Thanks!
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.shProject mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30
Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.Project mention: IT Pro Tuesday #223 - iOS Shell, SharePoint Shortcuts, Multithreaded Info Collector & More | /r/ITProTuesday | 2022-10-18
Reconnoitre is an open-source SNMP tool that collects multithreaded information and service enumeration. hombre_sabio sees it as "a robust security solution… It builds directories for IT structures that store results from various sources. It automates collecting information using suggested commands and directory structures."
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.Project mention: OWASP MASVS v2.0.0 is out! | /r/cybersecurity | 2023-04-01
:new: The Multi-Tool Web Vulnerability Scanner.
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.Project mention: ULPT Request. I have my asshole neighbor's wifi password. Is there a way to make it painfully slow for them to use? | /r/UnethicalLifeProTips | 2022-11-16
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.Project mention: initstring/cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. | /r/PrivateCyberMiliTec | 2022-11-03
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
The SpecterOps project management and reporting engine (by GhostManager)
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Python Penetration Testing related posts
PentestGPT: GPT-Powered Penetration Testing
1 project | news.ycombinator.com | 2 Jun 2023
any tips for using SET toolkit?
2 projects | /r/hacking | 31 May 2023
New Attack Surface Discovery tool : OrgASM
1 project | /r/cybersecurity | 31 May 2023
Securing PDF Generators Against SSRF Vulnerabilities
1 project | /r/netsec | 30 May 2023
Fundamental LangChain Question
4 projects | /r/LangChain | 18 May 2023
Why are so many people vastly underestimating AI?
3 projects | /r/artificial | 18 May 2023
Hackathon Ideas? Gen AI
5 projects | /r/hackathon | 11 May 2023
A note from our sponsor - InfluxDB
www.influxdata.com | 6 Jun 2023
What are some of the best open-source Penetration Testing projects in Python? This list will help you: