{"id":13492018,"url":"https://github.com/dloss/python-pentest-tools","last_synced_at":"2025-05-15T13:05:27.698Z","repository":{"id":23359379,"uuid":"26720419","full_name":"dloss/python-pentest-tools","owner":"dloss","description":"Python tools for penetration testers","archived":false,"fork":false,"pushed_at":"2025-04-14T18:45:15.000Z","size":50,"stargazers_count":2758,"open_issues_count":0,"forks_count":792,"subscribers_count":259,"default_branch":"master","last_synced_at":"2025-04-14T20:58:33.653Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dloss.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-11-16T16:42:43.000Z","updated_at":"2025-04-14T18:45:19.000Z","dependencies_parsed_at":"2022-07-14T08:18:18.523Z","dependency_job_id":null,"html_url":"https://github.com/dloss/python-pentest-tools","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dloss%2Fpython-pentest-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dloss%2Fpython-pentest-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dloss%2Fpython-pentest-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dloss%2Fpython-pentest-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dloss","download_url":"https://codeload.github.com/dloss/python-pentest-tools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.co
m","kind":"github","repositories_count":254346624,"owners_count":22055808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T19:01:02.393Z","updated_at":"2025-05-15T13:05:27.672Z","avatar_url":"https://github.com/dloss.png","language":null,"readme":"Python tools for penetration testers\n====================================\n\nIf you are involved in vulnerability research, reverse engineering or\npentesting, I suggest to try out the\n[Python](http://www.python.org) programming language. It has a rich set\nof useful libraries and programs. This page lists some of them.\n\nMost of the listed tools are written in Python, others are just Python\nbindings for existing C libraries, i.e. they make those libraries easily\nusable from Python programs.\n\nSome of the more aggressive tools (pentest frameworks, bluetooth\nsmashers, web application vulnerability scanners, war-dialers, etc.) are\nleft out, because the legal situation of these tools is still a bit\nunclear in Germany -- even after the [decision of the highest\ncourt](http://www.bundesverfassungsgericht.de/entscheidungen/rk20090518_2bvr223307.html).\nThis list is clearly meant to help whitehats, and for now I prefer to\nerr on the safe side.\n\n### Network\n\n-   [Scapy](https://scapy.net): send, sniff and dissect\n    and forge network packets. Usable interactively or as a library\n-   [Impacket](http://oss.coresecurity.com/projects/impacket.html):\n    craft and decode network packets. 
Includes support for higher-level\n    protocols such as NMB and SMB\n-   [SMBMap](https://github.com/ShawnDEvans/smbmap): \n    enumerate Samba share drives across an entire domain\n-   [dpkt](https://github.com/kbandla/dpkt): fast, simple packet\n    creation/parsing, with definitions for the basic TCP/IP protocols\n-   [AutoRecon](https://github.com/Tib3rius/AutoRecon): Multi-threaded network reconnaissance tool\n-   [Mitm6](https://github.com/fox-it/mitm6): IPv6-based MITM tool that exploits IPv6 features to conduct man-in-the-middle attacks\n-   [Habu](https://github.com/portantier/habu): \n    python network hacking toolkit\n-   [Knock Subdomain Scan](https://github.com/guelfoweb/knock), enumerate\n    subdomains on a target domain through a wordlist\n-   [SubBrute](https://github.com/TheRook/subbrute), fast subdomain\n    enumeration tool\n-   [pypcap](https://github.com/dugsong/pypcap),\n    [Pcapy](https://github.com/helpsystems/pcapy),\n    [Pcapy-NG](https://github.com/stamparm/pcapy-ng) and\n    [libpcap](https://pypi.org/project/libpcap/): several different\n    Python bindings for libpcap\n-   [libdnet](https://github.com/ofalk/libdnet/): low-level networking\n    routines, including interface lookup and Ethernet frame transmission\n-   [Mallory](https://github.com/intrepidusgroup/mallory), extensible\n    TCP/UDP man-in-the-middle proxy, supports modifying non-standard\n    protocols on the fly\n-   [Pytbull-NG](https://github.com/netrunn3r/pytbull-ng/): flexible IDS/IPS testing\n    framework (shipped with more than 300 tests)\n-   [Spoodle](https://github.com/vjex/spoodle): A mass subdomain + poodle\n    vulnerability scanner\n-   [BloodHound.py](https://github.com/dirkjanm/BloodHound.py): Python alternative to BloodHound for AD enumeration, Mapping attack paths in AD.\n\n### Debugging and reverse engineering\n\n-   [Frida](http://www.frida.re/): A dynamic instrumentation framework which can\n    inject scripts into running processes\n-   
[Capstone](http://www.capstone-engine.org/): lightweight\n    multi-platform, multi-architecture disassembly framework with Python\n    bindings\n-   [Unicorn Engine](https://www.unicorn-engine.org/): CPU emulator framework with Python bindings\n-   [Androguard](https://github.com/androguard/androguard): reverse\n    engineering and analysis of Android applications\n-   [Paimei](https://github.com/OpenRCE/paimei): reverse engineering\n    framework, includes [PyDBG](https://github.com/OpenRCE/pydbg), PIDA,\n    pGRAPH\n-   [IDAPython](https://github.com/idapython/src): IDA Pro plugin that\n    integrates the Python programming language, allowing scripts to run\n    in IDA Pro\n-   [PyEMU](https://github.com/codypierce/pyemu/): fully scriptable IA-32\n    emulator, useful for malware analysis\n-   [pefile](https://github.com/erocarrera/pefile): read and work with\n    Portable Executable (aka PE) files\n-   [pydasm](https://github.com/jtpereyda/libdasm/tree/master/pydasm):\n    Python interface to the [libdasm](https://github.com/jtpereyda/libdasm/tree/master/)\n    x86 disassembling library\n-   [PyDbgEng](http://pydbgeng.sourceforge.net/): Python wrapper for the\n    Microsoft Windows Debugging Engine\n-   [diStorm](https://github.com/gdabah/distorm): disassembler library\n    for AMD64, licensed under the BSD license\n-   [python-ptrace](http://python-ptrace.readthedocs.org/):\n    debugger using ptrace (Linux, BSD and Darwin system call to trace\n    processes) written in Python\n-   [Keystone](http://www.keystone-engine.org): lightweight multi-platform,\n    multi-architecture assembler framework with Python bindings\n-   [PyBFD](https://github.com/Groundworkstech/pybfd/): Python interface\n    to the GNU Binary File Descriptor (BFD) library\n-   [CHIPSEC](https://github.com/chipsec/chipsec): framework for analyzing the\n    security of PC platforms including hardware, system firmware (BIOS/UEFI),\n    and platform components.\n-   
[Ghidrathon](https://github.com/mandiant/Ghidrathon): The FLARE team's open-source extension to add Python 3 scripting to Ghidra.\n\n### Fuzzing\n\n-   [afl-python](http://jwilk.net/software/python-afl): enables American fuzzy\n    lop fork server and instrumentation for pure-Python code\n-   [Sulley](https://github.com/OpenRCE/sulley): fuzzer development and\n    fuzz testing framework consisting of multiple extensible components\n-   [Peach Fuzzing Platform](https://github.com/MozillaSecurity/peach/):\n    extensible fuzzing framework for generation and mutation based\n    fuzzing (v2 was written in Python)\n-   [untidy](https://github.com/kbandla/python-untidy/): general purpose XML fuzzer\n-   [Powerfuzzer](http://www.powerfuzzer.com/): highly automated and\n    fully customizable web fuzzer (HTTP protocol based application\n    fuzzer)\n-   [Construct](http://construct.readthedocs.org/): library for parsing\n    and building of data structures (binary or textual). Define your\n    data structures in a declarative manner\n-   [Fusil](http://fusil.readthedocs.org/): Python library\n    used to write fuzzing programs\n\n### Web\n\n-   [XSStrike](https://github.com/s0md3v/XSStrike): Advanced XSS detection suite\n-   [Requests](https://requests.readthedocs.io/): elegant and simple HTTP\n    library, built for human beings\n-   [lxml](http://lxml.de/index.html): easy-to-use library for processing XML and HTML; similar to Requests\n-   [HTTPie](http://httpie.org): human-friendly cURL-like command line\n    HTTP client\n-   [Twill](https://twill-tools.github.io/twill/): browse the Web from a command-line\n    interface. Supports automated Web testing\n-   [FunkLoad](https://github.com/nuxeo/FunkLoad): functional and load web\n    tester\n-   [spynner](https://github.com/makinacorpus/spynner): Programmatic web\n    browsing module for Python with Javascript/AJAX support\n-   [mitmproxy](http://mitmproxy.org/): SSL-capable, intercepting HTTP\n    proxy. 
Console interface allows traffic flows to be inspected and\n    edited on the fly\n-   [spidy](https://github.com/rivermont/spidy/): simple command-line web crawler with page downloading and word scraping\n-   [Waymap](https://github.com/TrixSec/waymap): web vulnerability scanner built for penetration testers\n\n\n### Forensics\n\n-   [Volatility](http://www.volatilityfoundation.org/):\n    extract digital artifacts from volatile memory (RAM) samples\n-   [Rekall](https://github.com/google/rekall):\n    memory analysis framework developed by Google\n-   [TrIDLib](http://mark0.net/code-tridlib-e.html), identify file types\n    from their binary signatures. Now includes Python binding\n\n### Malware analysis\n\n-   [pyew](https://github.com/joxeankoret/pyew): command line hexadecimal\n    editor and disassembler, mainly to analyze malware\n-   [Exefilter](https://github.com/decalage2/exefilter): filter file formats\n    in e-mails, web pages or files. Detects many common file formats and\n    can remove active content\n-   [jsunpack-n](https://github.com/urule99/jsunpack-n), generic\n    JavaScript unpacker: emulates browser functionality to detect\n    exploits that target browser and browser plug-in vulnerabilities\n-   [yara-python](https://github.com/VirusTotal/yara-python):\n    identify and classify malware samples\n-   [phoneyc](https://github.com/honeynet/phoneyc): pure Python\n    honeyclient implementation\n-   [CapTipper](https://github.com/omriher/CapTipper): analyse, explore and\n    revive HTTP malicious traffic from PCAP file\n-   [Cuckoo](https://github.com/cuckoosandbox/cuckoo): Automated malware analysis system\n-   [CAPE](https://github.com/kevoreilly/CAPEv2): Malware configuration and payload extraction\n\n### PDF\n\n-   [pdfminer.six](https://github.com/pdfminer/pdfminer.six):\n    extract text from PDF files\n-   [peepdf-3](https://github.com/digitalsleuth/peepdf-3):\n    Python tool to analyse and explore PDF files to find out if they can be 
harmful\n-   [Didier Stevens' PDF\n    tools](http://blog.didierstevens.com/programs/pdf-tools): analyse,\n    identify and create PDF files\n-   [pyPDF](https://pypdf.readthedocs.io/): pure Python PDF toolkit: extract\n    info, split, merge, crop, encrypt, decrypt...\n\n### Misc\n\n-   [Angr](https://github.com/angr/angr): Powerful binary analysis framework for vulnerability research and exploit development\n-   [ScoutSuite](https://github.com/nccgroup/ScoutSuite): Multi-cloud security auditing tool\n-   [Exomind](https://github.com/jio-gl/exomind):\n    framework for building decorated graphs and developing open-source\n    intelligence modules and ideas, centered on social network services,\n    search engines and instant messaging\n-   [simplejson](https://github.com/simplejson/simplejson/): JSON\n    encoder/decoder, e.g. to use [Google's AJAX\n    API](http://dcortesi.com/2008/05/28/google-ajax-search-api-example-python-code/)\n-   [PyMangle](http://code.google.com/p/pymangle/): command line tool\n    and a python library used to create word lists for use with other\n    penetration testing tools\n-   [Hachoir](https://hachoir.readthedocs.io/en/latest/): view and\n    edit a binary stream field by field \n-   [py-mangle](http://code.google.com/p/pymangle/): command line tool\n    and a python library used to create word lists for use with other\n    penetration testing tools\n-   [wmiexec.py](https://github.com/CoreSecurity/impacket/blob/master/examples/wmiexec.py):\n    execute Powershell commands quickly and easily via WMI\n-   [Pentestly](https://github.com/praetorian-inc/pentestly):\n    Python and Powershell internal penetration testing framework\n-   [hacklib](https://github.com/leonli96/python-hacklib):\n    Toolkit for hacking enthusiasts: word mangling, password guessing,\n    reverse shell and other simple tools\n-   [Certipy](https://github.com/ly4k/Certipy): Active Directory Certificate Services enumeration and abuse tool\n-   
[BloodHound.py](https://github.com/fox-it/BloodHound.py): Python-based BloodHound ingestor for Active Directory security assessment\n\n\n### Other useful libraries and tools\n\n-   [Project Jupyter](https://jupyter.org): enhanced interactive \n    shell with many features for object introspection, system shell\n    access, and its own special command system\n-   [Beautiful Soup](http://www.crummy.com/software/BeautifulSoup/):\n    HTML parser optimized for screen-scraping\n-   [matplotlib](https://matplotlib.org): make 2D plots of\n    arrays\n-   [Mayavi](http://code.enthought.com/projects/mayavi/): 3D scientific\n    data visualization and plotting\n-   [RTGraph3D](http://www.secdev.org/projects/rtgraph3d/): create\n    dynamic graphs in 3D\n-   [Twisted](http://twistedmatrix.com/): event-driven networking engine\n-   [Suds](https://github.com/suds-community/suds): lightweight SOAP client for\n    consuming Web Services\n-   [NetworkX](https://networkx.org): graph library (edges, nodes)\n-   [Pandas](http://pandas.pydata.org/): library providing\n    high-performance, easy-to-use data structures and data analysis\n    tools\n-   [pyparsing](https://pypi.org/project/pyparsing/): general parsing\n    module\n-   [lxml](http://lxml.de/): most feature-rich and easy-to-use library\n    for working with XML and HTML in the Python language\n-   [Whoosh](https://github.com/whoosh-community/whoosh): fast, featureful\n    full-text indexing and searching library implemented in pure Python\n-   [Pexpect](https://github.com/pexpect/pexpect): control and automate\n    other programs, similar to Don Libes \\`Expect\\` system\n-   [SikuliX](https://sikulix.github.io/docs/scripts/python/), visual technology\n    to search and automate GUIs using screenshots. 
Scriptable in\n-   [PyQt](http://www.riverbankcomputing.co.uk/software/pyqt) and\n    [PySide](http://www.pyside.org/): Python bindings for the Qt\n    application framework and GUI library\n\n### Books\n\n-   [Violent Python](https://www.elsevier.com/books/violent-python/unknown/978-1-59749-957-6) by TJ O'Connor. A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers\n-   [Grey Hat Python](http://www.nostarch.com/ghpython.htm) by Justin Seitz: \n    Python Programming for Hackers and Reverse Engineers.\n-   [Black Hat Python](http://www.nostarch.com/blackhatpython) by Justin Seitz:\n    Python Programming for Hackers and Pentesters\n-   [Python Penetration Testing Essentials](https://github.com/PacktPublishing/Python-Penetration-Testing-Essentials-Second-Edition) by Mohit:\n    Employ the power of Python to get the best out of pentesting\n-   [Python for Secret Agents](https://www.packtpub.com/en-us/product/python-for-secret-agents-volume-ii-9781785283406) by Steven F. Lott. 
Analyze, encrypt, and uncover intelligence data using Python\n-   [Python Web Penetration Testing Cookbook](https://www.packtpub.com/en-us/product/python-web-penetration-testing-cookbook-9781784399900) by Cameron Buchanan et al.: Over 60 Python recipes for web application testing\n-   [Learning Penetration Testing with Python](https://www.packtpub.com/en-us/product/learning-penetration-testing-with-python-9781785289552) by Christopher Duffy: Utilize Python scripting to execute effective and efficient penetration tests\n-   [Python Forensics](http://www.sciencedirect.com/science/book/9780124186767) by Chet Hosmer:\n    A Workbench for Inventing and Sharing Digital Forensic Technology\n-   [The Beginner's Guide to IDAPython](https://leanpub.com/IDAPython-Book) by Alexander Hanel\n-   [Python for Offensive PenTest: A Practical Guide to Ethical Hacking and Penetration Testing Using Python](https://www.amazon.com/Python-Offensive-PenTest-practical-penetration/dp/1788838971) by Hussam Khrais\n\n### More stuff\n\n-   [SecurityTube Python Scripting Expert (SPSE)](https://github.com/ioef/SPSE/) is an online course and certification offered by Vivek Ramachandran.\n-   SANS offers the course [SEC573: Automating Information Security with Python](https://www.sans.org/cyber-security-courses/automating-information-security-with-python/).\n-   There is a SANS paper about Python libraries helpful for forensic analysis\n    [(PDF)](http://www.sans.org/reading_room/whitepapers/incident/grow-forensic-tools-taxonomy-python-libraries-helpful-forensic-analysis_33453).\n-   For more Python libraries, please have a look at\n    [PyPI](http://pypi.python.org/pypi), the Python Package Index.\n","funding_links":[],"categories":["Others","Awesome Lists","Awesome Penetration Testing (\"https://github.com/Muhammd/Awesome-Pentest\")","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Online Resources","Useful Resources","Penetration Testing"],"sub_categories":["Defcon 
Suggested Reading","Awesome Lists","Other Lists Online","Other Lists"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdloss%2Fpython-pentest-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdloss%2Fpython-pentest-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdloss%2Fpython-pentest-tools/lists"}