Top 23 Python Pentest Projects

Pentest

• Add a project

1. PayloadsAllTheThings

   1 37 78,311 8.6 Python

   A list of useful payloads and bypass for Web Application Security and Pentest/CTF

   

   Project mention: Irish-Name-Repo 2 - picoCTF '19 (web) | dev.to | 2025-09-06

   if you've never worked on SQL injection that's fine there is a PWNSOME REPOSITORY(get it? pwn + awesome) called[ Payload All The Things (https://github.com/swisskyrepo/PayloadsAllTheThings) it has different payloads for different web vulnerabilities.

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. objection

   2 19 9,188 6.5 Python

   📱 objection - runtime mobile exploration

   

   Project mention: Wanted to spy on my dog, ended up spying on TP-Link | news.ycombinator.com | 2025-09-15

4. DefaultCreds-cheat-sheet

   3 2 6,600 5.7 Python

   One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

   

5. NetExec

   4 2 5,585 9.8 Python

   The Network Execution Tool

   

6. Villain

   5 2 4,382 8.4 Python

   Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

   

7. snoop

   6 8 3,944 8.0 Python

   Snoop — инструмент разведки на основе открытых данных (OSINT world)

   

   Project mention: Snoop Project Update (search for usernames on 5k websites) | news.ycombinator.com | 2026-01-01

8. patator

   7 2 3,883 5.7 Python

   Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

   

9. pentest-wiki

   8 1 3,743 0.0 Python

   PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

   

10. CloudFlair

    9 1 2,949 2.4 Python

    🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

    

11. reconspider

    10 1 2,621 0.0 Python

    🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

    

12. CloudFail

    11 1 2,528 2.0 Python

    Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

    

13. SysReptor

    12 3 2,491 9.7 Python

    A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

    

14. pwn_jenkins

    13 2 2,092 5.5 Python

    Notes about attacking Jenkins servers

    

15. pyrdp

    14 5 1,768 5.6 Python

    RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

    

16. odat

    15 4 1,761 0.0 Python

    ODAT: Oracle Database Attacking Tool

    

17. GraphQLmap

    16 1 1,668 0.0 Python

    GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

    

18. enum4linux-ng

    17 1 1,591 7.3 Python

    A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

    

19. SSTImap

    18 5 1,530 3.3 Python

    Automatic SSTI detection and exploitation tool with interactive interface

    

20. Redcloud

    19 1 1,272 0.0 Python

    Automated Red Team Infrastructure deployement using Docker

    

21. VcenterKit

    20 1 1,254 3.4 Python

    Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

    

22. BeeLogger

    21 2 1,152 0.0 Python

    Generate Gmail Emailing Keyloggers to Windows.

    

23. pywerview

    22 1 1,124 5.9 Python

    A (partial) Python rewriting of PowerSploit's PowerView

    

24. DumpsterFire

    23 3 1,035 0.0 Python

    "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

    

Python Pentest related posts

• Snoop Project Update (search for usernames on 5k websites)

  1 project | news.ycombinator.com | 1 Jan 2026

• Irish-Name-Repo 2 - picoCTF '19 (web)

  1 project | dev.to | 6 Sep 2025

• List of Useful Payloads and Bypass for Web Application Security and Pentest/CTF

  1 project | news.ycombinator.com | 14 Mar 2025

• PayloadsAllTheThings: Essential Payloads and Bypass for Web Security and CTFs

  1 project | news.ycombinator.com | 11 Aug 2024

• Hack The Box Writeup: Heist

  4 projects | dev.to | 5 Jul 2024

• Osint update of the Snoop Project tool search for user by nickname

  1 project | news.ycombinator.com | 2 Jan 2024

• php shell not executed in wordpress

  1 project | /r/hacking | 8 Dec 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 12 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!