Python Pentesting

Open-source Python projects categorized as Pentesting

Top 23 Python Pentesting Projects

  1. sherlock

    Hunt down social media accounts by username across social networks

    Project mention: Sherlock: Hunt down social media accounts by username across 400 social networks | news.ycombinator.com | 2024-12-25

    the only data needed are the urls from https://github.com/sherlock-project/sherlock/blob/master/she...

    [1] https://www.reddit.com/r/github/comments/1at9br4/i_am_new_to...

  3. SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: The Impact of Open-Source Tools in Cyber Warfare: A Deep Dive | dev.to | 2025-03-06

    Open-source tools have led to a significant transformation in cyber warfare for two primary reasons: cost-effectiveness and community-driven innovation. Tools such as SQLmap and Aircrack-ng exemplify how attackers exploit vulnerabilities, making it easier for individuals with limited resources to engage in cyber exploits. Conversely, defensive tools like Snort and OSSEC empower security professionals to monitor networks and system logs, helping organizations detect and mitigate breaches in real time. The evolution does not stop at merely having access to these tools but extends to how continuously they are updated and improved. The community-driven nature of open-source software encourages ongoing enhancements and shared knowledge. This, however, is paired with increased risk. With any tool that is available to all, the challenge of distinguishing ethical use from malicious intent becomes prominent, placing a heavier burden on security professionals to adapt and be vigilant.

  4. Ciphey

    ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

  5. spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: SpiderFoot automates OSINT for threat intelligence | news.ycombinator.com | 2024-07-03

    Some would disagree with that statement: <https://github.com/smicallef/spiderfoot/issues>

      The little development on the project is probably due to its age.

  6. dirsearch

    Web path scanner

  7. owasp-mastg

    The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

    Project mention: The Case for Standards in Mobile App Security | dev.to | 2024-07-31

    The OWASP Mobile Application Security (MAS) flagship project provides a robust security standard for mobile apps, known as the OWASP MASVS, along with a comprehensive testing guide (OWASP MASTG). These resources cover the processes, techniques, and tools used during a mobile app security test, ensuring consistent and complete results.

  8. pupy

    Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in Python and C

  10. bbot

    The recursive internet scanner for hackers. 🧡

    Project mention: Blacklanternsecurity / Bbot | news.ycombinator.com | 2024-12-13
  11. DefaultCreds-cheat-sheet

    One place for all the default credentials to assist Blue/Red teamers in identifying devices with default passwords 🛡️

  12. androguard

    Reverse engineering and pentesting for Android applications

  13. faraday

    Open Source Vulnerability Management Platform (by infobyte)

  14. commix

    Automated All-in-One OS Command Injection Exploitation Tool.

  15. PhoneSploit-Pro

    An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

  16. drozer

    The Leading Security Assessment Framework for Android.

  17. Villain

    Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

  18. Nettacker

    Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

    Project mention: Nettacker: Open-Source Automated Penetration Testing and Vulnerability Scanner | news.ycombinator.com | 2024-09-03
  19. pocsuite3

    pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

  20. NetExec

    The Network Execution Tool

    Project mention: Hack The Box Writeup: Heist | dev.to | 2024-07-05

    NOTE: The last time I rooted this machine, it was July 2023. At time of editing (July 2024), CrackMapExec has been deprecated, and it's generally recommended to use NetExec (NXC). The syntax should be very similar, and it should get you through this portion of the writeup.

  21. blackbird

    An OSINT tool to search for accounts by username and email in social networks. (by p1ngul1n0)

  22. Raccoon

    A high performance offensive security tool for reconnaissance and vulnerability scanning

  23. malicious-pdf

    💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

  24. slowloris

    Low bandwidth DoS tool. Slowloris rewrite in Python.

  25. CloudFail

    Utilize misconfigured DNS and old database records to find hidden IPs behind the Cloudflare network

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python Pentesting related posts

  • The Case for Standards in Mobile App Security

    1 project | dev.to | 31 Jul 2024
  • Hack The Box Writeup: Heist

    4 projects | dev.to | 5 Jul 2024
  • SSH-Snake: Automated SSH-Based Network Traversal

    5 projects | news.ycombinator.com | 5 Jan 2024
  • Google Play rolls out an "Independent security review" badge for apps

    2 projects | news.ycombinator.com | 3 Nov 2023
  • Code from the book “Black Hat Python” refactored and ported to Python 3

    1 project | news.ycombinator.com | 15 Jun 2023
  • Where do you look for help when doing ctf

    1 project | /r/Hacking_Tutorials | 8 Jun 2023
  • Securing PDF Generators Against SSRF Vulnerabilities

    1 project | /r/netsec | 30 May 2023

Index

What are some of the best open-source Pentesting projects in Python? This list will help you:

| # | Project | Stars |
|---|---------|-------|
| 1 | sherlock | 62,984 |
| 2 | SQLMap | 33,559 |
| 3 | Ciphey | 18,814 |
| 4 | spiderfoot | 13,911 |
| 5 | dirsearch | 12,660 |
| 6 | owasp-mastg | 12,041 |
| 7 | pupy | 8,616 |
| 8 | bbot | 8,157 |
| 9 | DefaultCreds-cheat-sheet | 5,985 |
| 10 | androguard | 5,473 |
| 11 | faraday | 5,265 |
| 12 | commix | 5,181 |
| 13 | PhoneSploit-Pro | 4,992 |
| 14 | drozer | 4,094 |
| 15 | Villain | 3,945 |
| 16 | Nettacker | 3,881 |
| 17 | pocsuite3 | 3,694 |
| 18 | NetExec | 3,663 |
| 19 | blackbird | 3,277 |
| 20 | Raccoon | 3,156 |
| 21 | malicious-pdf | 2,953 |
| 22 | slowloris | 2,518 |
| 23 | CloudFail | 2,306 |
