Python Pentesting

Open-source Python projects categorized as Pentesting | Edit details

Top 23 Python Pentesting Projects

  • SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: I will hacker you 😈😈 | | 2022-05-06

    Actually python is powerful enough for developing hacking tools, just as Routersploit, SQLMap etc.

  • Ciphey

    ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

    Project mention: How do I get Ciphey to use more cores for decryption? | | 2022-02-16


  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • owasp-mstg

    The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

    Project mention: Moving from Web application pentesting to mobile. | | 2022-04-04

    - OWASP is as usual a good resource:

  • dirsearch

    Web path scanner

    Project mention: Release dirsearch v0.4.2 - Web Path Scanner | | 2021-09-12
  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: About OSINT Search Engine | | 2022-04-17

    Have you tried SpiderFoot. Let it run for a day and you will be amazed at the findings!

  • pupy

    Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

    Project mention: Safe rat? | | 2021-10-07
  • CrackMapExec

    A swiss army knife for pentesting networks

    Project mention: Implied Trust Relationship Exploitation - Redbot Security | | 2022-04-30

    After gaining a local administrator NTLM password hash using SMB relay attacks, Redbot Security used the “CrackMapExec” tool to pass the local administrator hash to all systems and found multiple systems using the same password:

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • hacktricks

    Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

  • faraday

    Collaborative Penetration Test and Vulnerability Management Platform (by infobyte)

    Project mention: Recommendation for Vulnerability Management Solution | | 2022-04-08


  • commix

    Automated All-in-One OS Command Injection Exploitation Tool.

  • drozer

    The Leading Security Assessment Framework for Android.

    Project mention: Is drozer still relevant for mobile pentest? | | 2022-05-13

    Does anyone still use drozer for mobile pentest nowadays? I've just checked it's github page and found that the development had been stopped.

  • Raccoon

    A high performance offensive security tool for reconnaissance and vulnerability scanning

    Project mention: I wrote a blazing fast subdomain enumerator! (100.000 domains checked under 10 minutes!) | | 2022-03-16

    This + Raccoon seems like it would be a great first recon scan.

  • EvilOSX

    An evil RAT (Remote Administration Tool) for macOS / OS X.

    Project mention: Some information and advice about DDoS, from someone who was there during #opPayback | | 2022-02-27
  • malicious-pdf

    💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or

    Project mention: Cybersecurity linkovi | | 2022-04-29
  • CloudFail

    Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

    Project mention: Awesome Penetration Testing | | 2021-10-06

    CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.

  • weird_proxies

    Reverse proxies cheatsheet

    Project mention: Analysis of Behaviour of Various Proxies | | 2022-01-19
  • reconspider

    🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

    Project mention: ReconSpider Osint Framework | | 2022-01-12
  • mongoaudit

    🔥 A powerful MongoDB auditing and pentesting tool 🔥

  • evillimiter

    Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

    Project mention: Error while using Evillimmiter | | 2022-05-18

    This issue isn’t fixed yet in some cases -> But i guess they are working on it. Here are some similar programs I would recommend NetStalker tuxcut there’s also a windows version for Evillimiter Evillimiter-windows. Hope this helps if you have any other questions feel free to dm.

  • Lockdoor-Framework

    🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

    Project mention: Lockdoor Framework 2.3 release, a penetration testing framework | | 2021-06-16

    Check the website here

  • scanless

    online port scan scraper

    Project mention: Awesome Penetration Testing | | 2021-10-06

    scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.

  • RAASNet

    Open-Source Ransomware As A Service for Linux, MacOS and Windows

    Project mention: how to implement - RAASNET: RANSOMWARE | | 2021-08-08
  • DumpsterFire

    "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

    Project mention: How to keep a SOC on their toes | | 2021-11-18
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-18.

Python Pentesting related posts


What are some of the best open-source Pentesting projects in Python? This list will help you:

Project Stars
1 SQLMap 23,479
2 Ciphey 9,841
3 owasp-mstg 8,948
4 dirsearch 7,980
5 spiderfoot 7,881
6 pupy 7,010
7 CrackMapExec 5,893
8 hacktricks 4,587
9 faraday 3,327
10 commix 3,254
11 drozer 2,793
12 Raccoon 2,468
13 EvilOSX 1,894
14 malicious-pdf 1,680
15 CloudFail 1,589
16 weird_proxies 1,401
17 reconspider 1,262
18 mongoaudit 1,238
19 evillimiter 1,056
20 Lockdoor-Framework 1,014
21 scanless 941
22 RAASNet 897
23 DumpsterFire 830
Find remote jobs at our new job board There are 7 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives