PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Pentest Python Packages

Python packages with the GitHub topic pentest. Sorted by relevance, with stars and monthly downloads.
mBouamama
myjwt

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

51K 137 19
sensepost
objection

📱 objection - runtime mobile exploration

37K 9K 983
gusta-ve
hickok

Reverse-shell handler & post-exploitation: multi-listener PTY console, payload generation, and a full SQL injection engine (union/boolean/time, native Tor). Python, no core deps.

26K 0 0
gusta-ve
wraith-sec

Pipeline-based offensive security scanner: recon and web vuln testing (XSS/SQLi/IDOR/BAC), every finding double-confirmed. Python, no core deps.

18K 0 0
PurpleAILAB
decepticon

Autonomous Hacking Agent for Red Team

14K 5K 890
PurpleAILAB
decepticon-sdk

Autonomous Hacking Agent for Red Team

14K 5K 890
PurpleAILAB
decepticon-core

Autonomous Hacking Agent for Red Team

13K 5K 890
qeeqbox
social-analyzer

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

10K 23K 2K
ra1nb0rn
search-vulns

A modular tool to search for known vulnerabilities, exploits and more across various data sources

6K 92 15
gusta-ve
deadwood-sec

A self-hosted, leveled web-security range (tutorial → impossible) — the practice town for wraith & hickok. Intentionally vulnerable; localhost only.

5K 0 0
cytopia
netcat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

3K 2K 216
laluka
bypass-url-parser

bypass-url-parser

3K 1K 122
mrhenrike
wfh-wordlist

The most comprehensive wordlist generation toolkit for pentest, red team, and security research. 25 subcommands: charset, profile, corp-users, default-creds, password-dna, DNS fuzzing, web scraping, ISP keygen, ICS/SCADA credentials, ML training, pipal analysis, and more. Python 3.8+ | pip install wfh-wordlist

3K 9 3
GoSecure
pyrdp-mitm

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

3K 2K 275
the-useless-one
pywerview

A (partial) Python rewriting of PowerSploit's PowerView

3K 1K 129
SecDev-Lab
wish-models

Your Wish, Our Command

3K 15 1
yeswehack
ywh2bt

YesWeHack BugTracker

3K 21 7
infobyte
faraday-cli

Faraday's Command Line Interface

3K 52 22
bryanflowers
wpsecscan

Defensive WordPress security scanner. 200+ checks, 8-source nightly CVE aggregator, AI-assisted remediation (BYO key), 15 compliance frameworks (OWASP/PCI/NIST/ISO/HIPAA/SOC2/HITRUST/CMMC), Sigstore-signed releases with SLSA L3 provenance, 10 threat-intel feeds (KEV/EPSS/Exploit-DB/ATT&CK/STIX/MISP/OTX/GreyNoise), continuous monitors, consent-gated exploit verification, multi-tenant RBAC/SSO/audit-log enterprise mode, 12 report formats. Authorized testing only.

2K 1 1
ksg97031
frida-gadget

Automated tool for patching APKs to enable the use of Frida gadget by downloading the library and injecting code into the main activity.

2K 429 53
ihebski
defaultcreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

2K 7K 777
infobyte
faraday-agent-dispatcher

Faraday Agent Dispatcher launches any security tools and send results to Faradaysec Platform.

1K 48 18
ICWR-TEAM
r-ascan

Dynamic web security scanner with normalized JSON and HTML reporting

1K 5 2
Matbe34
py-nessus-pro

A python implemetation for managing Nessus Professional. It provides support for launching, configuring, monotoring and reporting for scans.

1K 6 4
    • Data from PyPI, GitHub, ClickHouse, and BigQuery