PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Penetration Testing Python Packages

Python packages with the GitHub topic penetration-testing. Sorted by relevance, with stars and monthly downloads.
Paradoxis
flask-unsign

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

101K 652 47
maurosoria
dirsearch

Web path scanner

30K 14K 2K
Paradoxis
flask-unsign-wordlist

The following package is the standalone wordlist-only component to flask-unsign.

23K 44 13
ncouture
mockssh

Mock an SSH server and define all commands it supports (Python, Twisted)

22K 130 25
dalisecurity
fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

13K 50 4
appthreat
wasm-tools

A WebAssembly parser and disassembler in python.

8K 0 0
nikitastupin
clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

7K 1K 134
Usta0x001
phantom-agent

Autonomous Offensive Security Intelligence AI-powered multi-agent penetration testing

6K 15 4
0xSteph
ptai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

6K 1K 242
Unclecheng-li
vulnclaw

基于 AI Agent + MCP 工具链 + 渗透 Skill 编排, 配合大语言模型, 自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。

6K 2K 245
ADscanPro
adscan

Active Directory pentesting tool for Linux. Automated Kerberoasting, AS-REP Roasting, ADCS/ESC exploitation, DCSync, BloodHound integration, and 40+ AD attack paths. ENS Alto / NIS2 / ISO 27001 compliance reports. No Windows required.

5K 470 50
ThePorgs
exegol

Fully featured and community-driven hacking environment

5K 3K 280
taoq-ai
ziran

自然 ZIRAN is an open-source security testing framework for AI agents. It discovers dangerous tool chain compositions via knowledge graph analysis, detects execution-level side effects (not just text output), and runs multi-phase trust exploitation campaigns that model real attacker behaviour.

4K 9 2
AlaBouali
bane

The "bane" Python library stands out as a robust toolkit catering to a wide spectrum of cybersecurity and networking tasks. Its versatile range of functionalities covers various aspects, including bruteforce attacks, cryptographic methods, DDoS attacks, information gathering, botnet creation and management, and CMS vulnerability scanning and more..

4K 357 70
Grunny
zapcli

A simple tool for interacting with OWASP ZAP from the commandline.

4K 261 70
cytopia
netcat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

3K 2K 216
ssh-mitm
ssh-mitm

SSH-MITM - ssh audits made simple

3K 1K 155
getphantomsignal
phantomsignal

Open-source OSINT intelligence framework — nmap-powered port scanning with OS detection, rich CLI panels, DNS recon, tech fingerprinting, 30+ threat intel APIs, Shadow Profiler, and cyberpunk web UI. pip install phantomsignal

3K 1 0
gjhami
linksiren

Coerce Windows authentication by generating, distributing, and cleaning up poisoned files at scale.

3K 38 4
infobyte
faradaysec

Open Source Vulnerability Management Platform

3K 7K 1K
Paradoxis
stegcracker

Steganography brute-force utility to uncover hidden data inside files

3K 598 106
guelfoweb
knock-subdomains

Knock Subdomain Scan

3K 4K 882
gkbrk
slowloris

Low bandwidth DoS tool. Slowloris rewrite in Python.

3K 3K 732
fsociety-team
fsociety

A Modular Penetration Testing Framework

2K 2K 211
    • Data from PyPI, GitHub, ClickHouse, and BigQuery