Top 12 Python penetration-testing-tool Projects

Villain

2 3,563 7.7 Python

Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
SSTImap

5 644 3.1 Python

Automatic SSTI detection and exploitation tool with interactive interface
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Spoofy

2 532 5.4 Python

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
STEWS

2 286 1.8 Python

A Security Tool for Enumerating WebSockets

Project mention: WebSocket security: 9 common vulnerabilities & prevention methods | dev.to | 2023-09-25

Comprehensive WebSocket security testing requires a deep understanding of the WebSocket protocol and practical experience in both manual and automated security testing techniques. Open tools like STEWS can detect known WebSocket vulnerabilities while commercial security tools like Burp Suite exist to intercept and manipulate WebSocket frames with ease, however they won't catch everything. Perform manual testing and fuzzing to identify unexpected behavior or vulnerabilities that automated tools might miss.

jwtXploiter

3 257 0.0 Python

A tool to test security of json web token
DevBrute

1 195 6.4 Python

DevBrute is a versatile password brute forcing tool designed to tackle a wide range of Social Media accounts and Web Applications. With its robust capabilities, it's adept at breaking through various security barriers.

Project mention: Selecting wordlists | /r/ethicalhacking | 2023-05-30

You will have to use a tool to bruteforce. Wordlists are just passwords in a list. A bruteforcer uses the list and tries each password one by one. So in short you could use some bruteforcer like https://github.com/shivamksharma/DevBrute

BCA-Phantom

1 93 0.0 Python

A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
htkit

1 56 0.0 Python

Information Gathering Simplified.
aizawa

1 49 6.6 Python

Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
Deep-Inside

1 24 0.0 Python

Command line tool that allows you to explore IoT devices by using Shodan API.
cerberus

3 21 10.0 Python

Cerberus is another simple stressing tool simulating DDoS attacks. (by francesco-ficarola)
asio

1 11 1.8 Python

All Shell In One. Generate Reverse Shells and/or generate single code that runs all the payloads. (by jackrendor)

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).