SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Python Pentest Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
-
pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
CloudFlair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
-
CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
-
macro_pack
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
-
reconspider
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
-
pyrdp
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
-
GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
-
SysReptor
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
-
enum4linux-ng
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
-
DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
Project mention: Osint update of the Snoop Project tool search for user by nickname | news.ycombinator.com | 2024-01-02
Project mention: Researchers watched 100 hours of hackers hacking honeypot computers | news.ycombinator.com | 2023-08-10The RDP interception tool used by the researchers: https://github.com/gosecure/pyrdp
Project mention: sysreptor alternatives - writehat, Serpico, ReportGen, and pwndoc | libhunt.com/r/sysreptor | 2023-05-02
Project mention: VcenterKit: Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit | /r/blueteamsec | 2023-08-26
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Python Pentest related posts
- Osint update of the Snoop Project tool search for user by nickname
- php shell not executed in wordpress
- Updated OSINT tool to search for user by nickname
- XXE-XML External Entities Attacks
- Snoop Project OSINT tool search by username on 3200 sites
- Researchers watched 100 hours of hackers hacking honeypot computers
- New Attack Surface Discovery tool : OrgASM
-
A note from our sponsor - SaaSHub
www.saashub.com | 27 Apr 2024
Index
What are some of the best open-source Pentest projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | PayloadsAllTheThings | 56,681 |
| 2 | objection | 6,993 |
| 3 | DefaultCreds-cheat-sheet | 5,269 |
| 4 | Villain | 3,563 |
| 5 | patator | 3,465 |
| 6 | pentest-wiki | 3,317 |
| 7 | snoop | 2,683 |
| 8 | CloudFlair | 2,388 |
| 9 | CloudFail | 2,120 |
| 10 | macro_pack | 1,997 |
| 11 | reconspider | 1,902 |
| 12 | pwn_jenkins | 1,890 |
| 13 | odat | 1,553 |
| 14 | pyrdp | 1,434 |
| 15 | GraphQLmap | 1,289 |
| 16 | Redcloud | 1,164 |
| 17 | SysReptor | 1,117 |
| 18 | enum4linux-ng | 1,021 |
| 19 | BlackMamba | 990 |
| 20 | DumpsterFire | 959 |
| 21 | BeeLogger | 958 |
| 22 | VcenterKit | 892 |
| 23 | habu | 854 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com