Penetration Testing Python Packages

flask-unsign

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

dirsearch

Web path scanner

phantom-agent

Autonomous Offensive Security Intelligence - AI-powered penetration testing

mockssh

Mock an SSH server and define all commands it supports (Python, Twisted)

flask-unsign-wordlist

The following package is the standalone wordlist-only component to flask-unsign.

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

exegol

Fully featured and community-driven hacking environment

ptai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

bane

This Python library offers a comprehensive set of tools for various cybersecurity and networking tasks. Its functionalities encompass diverse capabilities such as bruteforce attacks, cryptographic methods, DDoS attacks, information gathering, botnet creation and management, CMS vulnerability scanning, network discovery, vulnerability scanning, useful modules for common tasks, web page analyzers, and proxy utilities making it a powerful toolkit for cybersecurity professionals and network administrators.

clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

adscan

Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.

netcat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

zapcli

A simple tool for interacting with OWASP ZAP from the commandline.

reconninja

38-phase automated reconnaissance framework for security researchers

faradaysec

Open Source Vulnerability Management Platform

vulnclaw

基于 AI Agent + MCP 工具链 + 渗透 Skill 编排， 配合大语言模型， 自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。

slowloris

Low bandwidth DoS tool. Slowloris rewrite in Python.

stegcracker

Steganography brute-force utility to uncover hidden data inside files

ansede-static

Ansede Static: Next-Gen SAST Engine — Fast, Offline, Security for Modern Codebases Detect critical security vulnerabilities and code quality issues in Python, JavaScript, and TypeScript projects with a single command. No dependencies, no cloud, no setup—just download, unzip, and scan any folder instantly.

wasm-tools

A WebAssembly parser and disassembler in python.

fsociety

A Modular Penetration Testing Framework

ziran

自然 ZIRAN is an open-source security testing framework for AI agents. It discovers dangerous tool chain compositions via knowledge graph analysis, detects execution-level side effects (not just text output), and runs multi-phase trust exploitation campaigns that model real attacker behaviour.

knock-subdomains

Knock Subdomain Scan

autopwn-suite

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.