Top 23 Python Pentesting Projects
Automatic SQL injection and database takeover toolProject mention: I will hacker you 😈😈 | reddit.com/r/linuxmemes | 2022-05-06
Actually python is powerful enough for developing hacking tools, just as Routersploit, SQLMap etc.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡Project mention: How do I get Ciphey to use more cores for decryption? | reddit.com/r/hacking | 2022-02-16
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).Project mention: Moving from Web application pentesting to mobile. | reddit.com/r/AskNetsec | 2022-04-04
- OWASP is as usual a good resource: https://owasp.org/www-project-mobile-security-testing-guide/
Web path scannerProject mention: Release dirsearch v0.4.2 - Web Path Scanner | reddit.com/r/netsec | 2021-09-12
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.Project mention: About OSINT Search Engine | reddit.com/r/cybersecurity | 2022-04-17
Have you tried SpiderFoot. Let it run for a day and you will be amazed at the findings! https://www.spiderfoot.net/
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in pythonProject mention: Safe rat? | reddit.com/r/HowToHack | 2021-10-07
A swiss army knife for pentesting networksProject mention: Implied Trust Relationship Exploitation - Redbot Security | reddit.com/r/NetworkHacks | 2022-04-30
After gaining a local administrator NTLM password hash using SMB relay attacks, Redbot Security used the “CrackMapExec” tool to pass the local administrator hash to all systems and found multiple systems using the same password:
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Collaborative Penetration Test and Vulnerability Management Platform (by infobyte)Project mention: Recommendation for Vulnerability Management Solution | reddit.com/r/netsecstudents | 2022-04-08
Automated All-in-One OS Command Injection Exploitation Tool.
The Leading Security Assessment Framework for Android.Project mention: Is drozer still relevant for mobile pentest? | reddit.com/r/netsecstudents | 2022-05-13
Does anyone still use drozer for mobile pentest nowadays? I've just checked it's github page https://github.com/FSecureLABS/drozer and found that the development had been stopped.
A high performance offensive security tool for reconnaissance and vulnerability scanningProject mention: I wrote a blazing fast subdomain enumerator! (100.000 domains checked under 10 minutes!) | reddit.com/r/hacking | 2022-03-16
This + Raccoon seems like it would be a great first recon scan.
An evil RAT (Remote Administration Tool) for macOS / OS X.Project mention: Some information and advice about DDoS, from someone who was there during #opPayback | reddit.com/r/anonymous | 2022-02-27
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.shProject mention: Cybersecurity linkovi | reddit.com/r/hklbgd | 2022-04-29
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare networkProject mention: Awesome Penetration Testing | dev.to | 2021-10-06
CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
Reverse proxies cheatsheetProject mention: Analysis of Behaviour of Various Proxies | news.ycombinator.com | 2022-01-19
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.Project mention: ReconSpider Osint Framework | news.ycombinator.com | 2022-01-12
🔥 A powerful MongoDB auditing and pentesting tool 🔥
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.Project mention: Error while using Evillimmiter | reddit.com/r/Hacking_Tutorials | 2022-05-18
This issue isn’t fixed yet in some cases -> https://github.com/bitbrute/evillimiter/issues/123 But i guess they are working on it. Here are some similar programs I would recommend NetStalker tuxcut there’s also a windows version for Evillimiter Evillimiter-windows. Hope this helps if you have any other questions feel free to dm.
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security ResourcesProject mention: Lockdoor Framework 2.3 release, a penetration testing framework | reddit.com/r/cybersecurity | 2021-06-16
Check the website here
online port scan scraperProject mention: Awesome Penetration Testing | dev.to | 2021-10-06
scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
Open-Source Ransomware As A Service for Linux, MacOS and WindowsProject mention: how to implement - RAASNET: RANSOMWARE | reddit.com/r/hacking | 2021-08-08
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.Project mention: How to keep a SOC on their toes | reddit.com/r/AskNetsec | 2021-11-18
Python Pentesting related posts
Is drozer still relevant for mobile pentest?
1 project | reddit.com/r/netsecstudents | 13 May 2022
3 projects | reddit.com/r/hklbgd | 29 Apr 2022
Implied Trust Relationship Exploitation - Redbot Security
1 project | reddit.com/r/NetworkHacks | 30 Apr 2022
JFScan is alternative for Naabu and Rustscan
1 project | news.ycombinator.com | 21 Apr 2022
DAMN WIFI IS SO SLOW
1 project | reddit.com/r/teenagers | 20 Apr 2022
Moving from Web application pentesting to mobile.
1 project | reddit.com/r/AskNetsec | 4 Apr 2022
Dome – A Subdomain Enumeration Tool
1 project | news.ycombinator.com | 30 Mar 2022
What are some of the best open-source Pentesting projects in Python? This list will help you:
Are you hiring? Post a new remote job listing for free.