Python Redteam

Open-source Python projects categorized as Redteam

Top 23 Python Redteam Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

    Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

  • sherlock

    🔎 Hunt down social media accounts by username across social networks

    Project mention: Checking all accounts associated with my email address? | /r/PrivacySecurityOSINT | 2023-11-12

    In the interest of cleaning my digital life a bit I really want to delete all of my old accounts that I no longer use. The terminal application "Sherlock" on github can search for instances of a username you input and find associated websites. Sherlock

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • dirsearch

    Web path scanner

    Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • theHarvester

    E-mails, subdomains and names Harvester - OSINT

    Project mention: Search for sensitive data using theHarvester and h8mail tools | dev.to | 2023-12-01
  • Villain

    Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

  • snoop

    Snoop — инструмент разведки на основе открытых данных (OSINT world)

    Project mention: Osint update of the Snoop Project tool search for user by nickname | news.ycombinator.com | 2024-01-02
  • malicious-pdf

    💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

    Project mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30

    Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • macro_pack

    macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

  • 100-redteam-projects

    Projects for security students

    Project mention: Any Projects For Ethical Hacking? | /r/ethicalhacking | 2023-06-21
  • Lockdoor-Framework

    🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

  • PlumHound

    Bloodhound for Blue and Purple Teams

    Project mention: Dealing with large BloodHound datasets | dev.to | 2023-12-06

    Name Description Url BloodHound BloodHound GUI https://github.com/BloodHoundAD/BloodHound/ PlumHound Generate a report with actions to resolve the security flaws in the Active Directory configuration https://github.com/DefensiveOrigins/PlumHound/ GoodHound GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. https://github.com/idnahacks/GoodHound/ BlueHound Tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. https://github.com/zeronetworks/BlueHound/

  • sam-the-admin

    Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

  • VcenterKit

    Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

    Project mention: VcenterKit: Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit | /r/blueteamsec | 2023-08-26
  • SlackPirate

    Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

  • Octopus

    Open source pre-operation C2 server based on python and powershell

  • overlord

    Overlord - Red Teaming Infrastructure Automation (by qsecure-labs)

  • Spoofy

    Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

  • GTFONow

    Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

  • emploleaks

    An OSINT tool that helps detect members of a company with leaked credentials

    Project mention: Emploleaks: Retrieving information from employees and finding leaked passwords | news.ycombinator.com | 2023-08-10
  • Dome

    Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. (by v4d1)

  • GoodHound

    Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

    Project mention: Dealing with large BloodHound datasets | dev.to | 2023-12-06

    Name Description Url BloodHound BloodHound GUI https://github.com/BloodHoundAD/BloodHound/ PlumHound Generate a report with actions to resolve the security flaws in the Active Directory configuration https://github.com/DefensiveOrigins/PlumHound/ GoodHound GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. https://github.com/idnahacks/GoodHound/ BlueHound Tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. https://github.com/zeronetworks/BlueHound/

  • PivotSuite

    Network Pivoting Toolkit

  • LOOBins

    Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.

    Project mention: LOOBins | news.ycombinator.com | 2023-05-25

    I’m excited to announce the release of Living Off the Orchard: macOS Binaries (LOOBins)!

    LOOBins is a resource designed to help cybersecurity professionals and researchers understand and defend against the potential risks associated with binaries built into macOS.

    https://loobins.io

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-01-02.

Python Redteam related posts

Index

What are some of the best open-source Redteam projects in Python? This list will help you:

Project Stars
1 PayloadsAllTheThings 56,138
2 sherlock 50,642
3 dirsearch 11,086
4 theHarvester 10,182
5 Villain 3,526
6 snoop 2,640
7 malicious-pdf 2,585
8 macro_pack 1,997
9 100-redteam-projects 1,729
10 Lockdoor-Framework 1,287
11 PlumHound 1,001
12 sam-the-admin 949
13 VcenterKit 883
14 SlackPirate 711
15 Octopus 706
16 overlord 606
17 Spoofy 518
18 GTFONow 479
19 emploleaks 476
20 Dome 451
21 GoodHound 438
22 PivotSuite 417
23 LOOBins 381
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com