Top 20 Python pentesting-tool Projects

hoaxshell

6 2,880 3.3 Python

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Project mention: ExploitToolFinder | /r/hacking | 2023-06-16

malicious-pdf

13 2,585 0.0 Python

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Project mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30

Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Lockdoor-Framework

2 1,294 2.7 Python

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
APTRS

5 770 5.0 Python

Automated Penetration Testing Reporting System
o365spray

2 670 5.6 Python

Username enumeration and password spraying tool aimed at Microsoft O365.

Project mention: o365Spray Attack Respond Rule | /r/SaaSy_MSP_Community | 2023-06-13

o365Spray is a python script that can be used to password spray attack Microsoft 365 email accounts very efficiently. Here is the link to the script: https://github.com/0xZDH/o365spray

SSTImap

5 644 3.1 Python

Automatic SSTI detection and exploitation tool with interactive interface
jwtXploiter

3 257 0.0 Python

A tool to test security of json web token
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
crimson

1 212 8.0 Python

Web Application Security Testing Tools
pmkidcracker

4 151 3.8 Python

A tool to crack WPA2 passphrase with PMKID value without clients or de-authentication

Project mention: Pmkidcracker - A WiFi password cracking tool without needing clients to be connected (With Explanations) | /r/Hacking_Tutorials | 2023-07-12

webstor

5 149 2.8 Python

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.
ParaForge

3 134 2.7 Python

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

Project mention: ParaForge: A BurpSuite extension to create a custom word list of endpoints and parameters for enumeration and fuzzing | /r/cybersecurity | 2023-06-30

mediator

5 97 7.3 Python

An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding. (by lawndoc)
Simple-Async-Port-Scanner

1 85 1.4 Python

A simple asynchronous TCP/IP Connect Port Scanner in Python 3
Subcert

2 77 1.8 Python

Subcert is a subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.
MobSecco

3 59 6.0 Python

Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins

Project mention: MobSecco: A tool for Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins | /r/cybersecurity | 2023-07-02

xira

1 59 0.0 Python

xss vulnerability scanner and input fuzzing tool.
RedDrop

1 55 0.0 Python

RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.
Crowbar

1 36 5.0 Python

A windows post exploitation tool that contains a lot of features for information gathering and more. (by 0x1CA3)
MIXON

1 15 0.0 Python

Next generation cyber security research and testing software.
NotesToCommands

2 5 0.0 Python

NotesToCommands is a powerful command template experience, allowing users to instantly execute terminal commands, with varying arguments, grouped into sections in a note or file. It was originally created for pentesting uses, to avoid the needed remembrance and retyping of sets of commands for various attacks.
SaaSHub

www.saashub.com sponsored

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Python pentesting-tools related posts

ExploitToolFinder
2 projects | /r/hacking | 16 Jun 2023
Securing PDF Generators Against SSRF Vulnerabilities
1 project | /r/netsec | 30 May 2023
HoaxShell Beta - Integrated with RevShells.com
1 project | /r/hacking | 17 Feb 2023
Is MSF Venom - Metasploit a good investment for the long run in terms of RATs?
2 projects | /r/Hacking_Tutorials | 28 Dec 2022
Does anyone know how those YouTubers locate Indian scam call centers?
2 projects | /r/hacking | 6 Dec 2022
In need of frontend contributors for Open Source
1 project | /r/learnprogramming | 13 Nov 2022
Looking for collaborators for Open Source Project
1 project | /r/developersIndia | 12 Nov 2022
A note from our sponsor - InfluxDB
www.influxdata.com | 25 Apr 2024

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

What are some of the best open-source pentesting-tool projects in Python? This list will help you:

	Project	Stars
1	hoaxshell	2,880
2	malicious-pdf	2,585
3	Lockdoor-Framework	1,294
4	APTRS	770
5	o365spray	670
6	SSTImap	644
7	jwtXploiter	257
8	crimson	212
9	pmkidcracker	151
10	webstor	149
11	ParaForge	134
12	mediator	97
13	Simple-Async-Port-Scanner	85
14	Subcert	77
15	MobSecco	59
16	xira	59
17	RedDrop	55
18	Crowbar	36
19	MIXON	15
20	NotesToCommands	5