Open Source Python Penetration Testing Tools - Page 2
Sort By:
Python Penetration Testing Tools
View 129 business solutionsBrowse free open source Python Penetration Testing Tools and projects below. Use the toggles on the left to filter open source Python Penetration Testing Tools by OS, license, language, programming language, and project status.
-
Easy management of simple and complex projectsPlan more projects with Worksection. Use Gantt chart and Kanban boards to organize your projects, get your team onboard and assign tasks and due dates.
-
Endpoint Protection Software for Businesses | HYPERSECUREThe HYPERSECURE endpoint protection platform is a comprehensive suite of products and services enhanced by European third-party solutions. It ensures our customers’ IT security, regulatory compliance, and digital sovereignty.
-
1
imgp
Multi-core image resizer and rotator. Go crunch 'em!
imgp is a command line image resizer and rotator for JPEG and PNG images. If you have tons of images you want to resize adaptively to a screen resolution or rotate by an angle using a single command, imgp is the utility for you. It can save a lot on storage too. Powered by multiprocessing, an intelligent adaptive algorithm, recursive operations, shell completion scripts, EXIF preservation (and more), imgp is a very flexible utility with well-documented easy to use options. imgp intends to be a stronger replacement of the Nautilus Image Converter extension, not tied to any file manager and way faster. On desktop environments (like Xfce or LxQt) which do not integrate Nautilus, imgp will save your day. -
2
netool toolkit 4.6
MitM pentesting opensource toolkit
Operative Systems Suported are: Linux-ubuntu, kali-linux, backtack-linux (un-continued), freeBSD, Mac osx (un-continued) Netool its a toolkit written using 'bash, python, ruby' that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. this toolkit makes it easy tasks such as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in wan/lan networks, TCP/UDP packet manipulation using etter-filters, and gives you the ability to capture pictures of target webbrowser surfing (driftnet), also uses macchanger to decoy scans changing the mac address. Rootsector module allows you to automate some attacks over DNS_SPOOF + MitM (phishing - social engineering) using metasploit, apache2 and ettercap frameworks. Like the generation of payloads, shellcode, backdoors delivered using dns_spoof and MitM method to redirect a target to your phishing webpage. recent as introducted the scanner inurlbr (by cleiton) -
3
Digna Web Scanner
A tool to check web apps for vulnerabilty
This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. Insecure Direct Object References (IDOR): Scans for vulnerabilities that might enable attackers to access unauthorized data by manipulating direct object references. Open Ports: Detects open ports on the target web server to understand its potential attack surface. Content Security Policy (CSP): Checks if the website has a properly configured CSP to mitigate XSS and other injection RCE -
4
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
-
Securing the Cloud Made EasyDesigned for organizations operating in the cloud who need complete, centralized visibility of their entire cloud estate and want more time and resources dedicated to remediating the actual risks that matter, Orca Security is an agentless cloud Security Platform that provides security teams with 100% coverage their entire cloud environment.
-
5
The_Deck_Linux
Portable Penetration Testing Operating System
It is an Portable Penetration Testing Operating System designed for Beagle Bone AI. It is an debian based operating system fully packed with all latest Hacking Tools. The Root file system used in this Deck Linux is Ubuntu 20.04 LTS. It can be installed in Beagle Board AI and can use as a replacement for Laptop, Desktop. It can be placed on a drone too. It has a pre-installed MeshDeck (written by Philip Polstra) so it can be runned in a ZigBee network. We can attacks from up to a mile away using multiple devices connected via 802.15.4 networking (MeshDeck). -
6
Build by Rajib Acharyya(Spid3r64) ANONIMITY Metasploit Armitage Cobalt Strike & veil WIRELESS SECURITY SNIFFERS PYTHON,PERL & RUBY FORENSICS BRUTE FORCE & DDOS ANDROID TOOLS Based on : Ubuntu 12.04 LTS(32bit) (Custom Backbox) user:root pass:india Kernel version =>3.8.0-29 generic Desktop environment's => xfce,conky,Docky Version 1.0(full) Extra Softwares inbuilt => Skype,Virtualbox,Filezila,Chromium Browser,XDM(Xtreme Download Manager) ,Gimp,Python...many more Credit List: Pedro Ubuntu(r00tsect0r) For Netool.sh Asif Iqbal (cobalt strike) w0lf3nst3in3 Rohit Verma(Startx) Navonil Sanpui(M3ghnath) Team BHS
-
7
BashCore
A custom Debian live ISO with security tools, no GUI, only Bash.
BashCore is a Debian-based live ISO for security, networking, and learning. CLI-only, Bash-driven, lightweight, GPU-ready, with optional PREEMPT_RT kernel. Fresh environment on every boot, ideal for safe experimentation. Also available: BashCoreX (XFCE GUI) BashCoreT (Trixie CLI, Linux 6.12) BashCoreTX (Trixie XFCE) BashCoreZ (ultra-minimal CLI) BashLabOS (XFCE, daily use & privacy tools) BashCoreGee (GNOME, installable via Calamares) Info: https://www.bashcore.org -
8
HackShark Linux
Lightweight Linux distro for penetration testing
Based on MATE environment HackShark Linux is a lightweight distribution for penetration testing, cyber forensic investigation and vulnerability assessment purpose. -
9
WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste
-
Online Project Management Platform - ZohoZoho Projects is a cloud-based project management solution that helps teams plan, track, collaborate, and achieve project goals.
-
10
cracking-actions
a bruteforcer that can crack variety of files such as zip,rar & more
cracking-actions is an open source software that allows you to crack passwords, files, etc... ,it targets windows and linux -
11
sapyto is the first public SAP Penetration Testing Framework, enabling security consultants and system administrators to assess the security of SAP deployments in an organization.
-
12
To use this tool, you need to have WinRar installed at the path "C:\Program Files\WinRAR" (which is typically set by default). Alternatively, you can have 7z installed at the path "C:\Program Files\7-Zip" (this is usually set by default as well). Please note that if you only have 7z installed, you will not be able to extract .rar files, but only .zip or .7z files. This tool is primarily designed to extract files from password-protected Rar/Zip/7z archives, although it also works on unprotected archives. You can extract one or more archives of different types at a time. It is important to note that the passwords must be known; this is NOT a "cracking software" or "password recovery tool."
-
13
MrFish
A anti-phishing Python script with headers and proxies!
MrFish is a powerful tool designed to automate the creation of fake account submissions for phishing tests and vulnerability assessments. With the ability to generate random usernames, passwords, and even credit card data, it simulates real user behavior to help test the security of online forms. Featuring customizable settings for proxy support, user inputs (email or username), and multiple threads for speed, MrFish provides an efficient way to stress-test web servers and form-handling systems. It's ideal for security researchers looking to automate the process of probing online platforms for vulnerabilities while maintaining anonymity. Please use responsibly and ensure compliance with all applicable laws and ethical guidelines when using MrFish for testing purposes. -
14
Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembl
-
15
BlackMamba
C2/post-exploitation framework
Black Mamba is a Command and Control (C2) that works with multiple connections at same time. It was developed with Python and with Qt Framework and have multiple features for a post-exploitation step. -
16
Break The Security Linux
Break The Security Linux is a Penetration testing OS based on Ubuntu
Break The Security Linux is a Penetration testing OS based on Ubuntu 12.04. It has friendly user interface and latest penetration testing tools. -
17
Cifrario di Cesare-Brute force
Brute force su testi crittografati con il cifrario di Cesare.
Questo software permette di decrittografare testi crittografati con il cifrario di Cesare tentando tutte le combinazioni possibili. -
18
CrunchPwn
Lightweight Debian Based Pen Testing Linux Distro
#Pwn Linux (pronounced CrunchPwn) is a penetration testing repository/addition for CrunchBang Linux. The packages also work with any Debian Wheezy compliant system. Default themes are built specifically for OpenBox, but feel free to submit themes for various windows managers. Pull requests are gladly accepted, and requests for tools can be made by opening an issue on github or on sourceforge. -
19
A daemon that creates realtime dynamic, expirable iptables rules to block/drop IP addresses attempting brute-force breakin attacks on a linux host via ssh or other mechanism. Highly customizable and extensible.
-
20
Simple CGI script which allows you to transfer sensitive ascii data (passwords, hashes, pem keys) via HTTPS. SSL MUST BE implemented by webserver. Algorithm: - Paste new data into textarea, submit. You get link Link consists of three md5 hashes from salt. File, containing your data, named that way. So, it is hard to bruteforce links/files. - Whenever link being opened, script reads file and prints its content into brower in text/plain content-type. Afterthat, script removes file. So one link doesn't work twice and you can securely paste it everywhere. Prefered deployment schema: Nginx + SSL as front Apache + CGI + script as backend
-
21
Intersect Framework
Post-Exploitation Framework
Post-exploitation framework written in Python. Aims to assist penetration testers in building scripts and automating many post-exploitation, information gathering and data exfiltration tasks. -
22
Jack the Stripper
Perform automated MITM (Man In The Middle) attacks.
ENGLISH: Jack the Stripper uses iptables, Ettercap and SSLStrip to intercept data between two connected targets (IP addresses). The victims's ARP tables must be poisoned by Ettercap, that means Jack the Stripper works only on local networks. PORTUGUÊS: Jack The Stripper utiliza iptables, Ettercap e SSLStrip para interceptar dados entre dois alvos (endereços IP) interconectados. As tabelas ARP das vítimas devem ser envenenadas pelo Ettercap, isso significa que Jack The Stripper funciona apenas em redes locais. -
23
MITMf
Framework for Man-In-The-Middle attacks
MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely rewritten from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack. The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass. As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what better filters did, only better), allowing users to modify any type of traffic or protocol. The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework. -
24
Motinha
Information Gathering and Network Exploitation Framework
Motinha is a Simple Information Gathering and Network Exploitation Framework coded in Python. Here we have a bridge between the final user and the most futurists’ tools on the Internet to find juice info around any network, website, domain, company or persons and in some cases exploit some features to have fun , now let’s Shut Up And Hack! -
25
Offensive Web Testing Framework
Offensive Web Testing Framework (OWTF), is a framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to see the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing on seemingly risky areas. Demonstrate true impact despite the short timeframes we are typically given to test. The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. OWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives).
