Python Penetration Testing

Open-source Python projects categorized as Penetration Testing

Top 23 Python Penetration Testing Projects

Penetration Testing
  1. PayloadsAllTheThings

    A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

    Project mention: List of Useful Payloads and Bypass for Web Application Security and Pentest/CTF | news.ycombinator.com | 2025-03-14
  3. dirsearch

    Web path scanner

  4. setoolkit

    The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

  5. fsociety

    fsociety Hacking Tools Pack – A Penetration Testing Framework

  6. Osintgram

    Osintgram is an OSINT tool on Instagram. It offers an interactive shell to perform analysis on the Instagram account of any user by its nickname.

  7. PentestGPT

    A GPT-empowered penetration testing tool

  8. monkey

    Infection Monkey - An open-source adversary emulation platform

  10. faraday

    Open Source Vulnerability Management Platform (by infobyte)

  11. PhoneSploit-Pro

    An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

  12. pacu

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

    Project mention: Attacking Misconfigured Amazon Cognito: Zero-Click Account Takeover | dev.to | 2025-02-17

    Using the console command in the Pacu Framework we can scale access to the AWS console in the browser, making exploration easier.

  13. Nettacker

    Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

    Project mention: Nettacker: Open-Source Automated Penetration Testing and Vulnerability Scanner | news.ycombinator.com | 2024-09-03
  14. Villain

    Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

  15. hoaxshell

    A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

  16. malicious-pdf

    💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

  17. Astra

    Automated Security Testing For REST APIs

  18. slowloris

    Low bandwidth DoS tool. Slowloris rewrite in Python.

  19. owasp-masvs

    The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  20. Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  21. SysReptor

    A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

  22. cloud_enum

    Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

    Project mention: 🐞 Comprehensive Bug Bounty Hunting Methodology | dev.to | 2025-06-01

    - Utilize tools like **[Cloud_Enum](https://github.com/initstring/cloud_enum)** to perform a broad search across multiple cloud providers (AWS, Azure, GCP) for assets related to the target organization. This tool helps discover storage buckets, cloud functions, and other publicly exposed resources.

  23. rapidscan

    The Multi-Tool Web Vulnerability Scanner.

  24. evillimiter

    Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

  25. Ghostwriter

    The SpecterOps project management and reporting engine (by GhostManager)

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python Penetration Testing related posts

  • Attacking Misconfigured Amazon Cognito: Zero-Click Account Takeover

    1 project | dev.to | 17 Feb 2025
  • Always keep this hacking technique in mind

    1 project | dev.to | 16 Feb 2025
  • Pentesting AWS VPCs: Identifying and Mitigating Risks

    2 projects | dev.to | 3 Aug 2024
  • nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled

    1 project | /r/bugbountybeginner | 8 Sep 2023
  • Ask HN: Resources for College Cybersecurity Club?

    1 project | news.ycombinator.com | 27 Aug 2023
  • From a Gift to Privilege Escalation in the Cloud

    1 project | dev.to | 27 Jul 2023
  • PentestGPT

    1 project | news.ycombinator.com | 18 Jun 2023

Index

What are some of the best open-source Penetration Testing projects in Python? This list will help you:

# Project Stars
1 PayloadsAllTheThings 67,624
2 dirsearch 13,080
3 setoolkit 12,109
4 fsociety 11,310
5 Osintgram 10,960
6 PentestGPT 8,475
7 monkey 6,821
8 faraday 5,516
9 PhoneSploit-Pro 5,076
10 pacu 4,767
11 Nettacker 4,303
12 Villain 4,155
13 hoaxshell 3,272
14 malicious-pdf 3,070
15 Astra 2,579
16 slowloris 2,571
17 owasp-masvs 2,192
18 Reconnoitre 2,159
19 SysReptor 2,011
20 cloud_enum 1,868
21 rapidscan 1,861
22 evillimiter 1,737
23 Ghostwriter 1,556
