Penetration Testing Python Packages

flask-unsign

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

phantom-agent

Autonomous Offensive Security Intelligence AI-powered multi-agent penetration testing

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

mockssh

Mock an SSH server and define all commands it supports (Python, Twisted)

dirsearch

Web path scanner

flask-unsign-wordlist

The following package is the standalone wordlist-only component to flask-unsign.

bane

The "bane" Python library stands out as a robust toolkit catering to a wide spectrum of cybersecurity and networking tasks. Its versatile range of functionalities covers various aspects, including bruteforce attacks, cryptographic methods, DDoS attacks, information gathering, botnet creation and management, and CMS vulnerability scanning and more..

exegol

Fully featured and community-driven hacking environment

adscan

Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.

clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

ptai

The most autonomous pentesting AI on the market. MCP server + Python agents with 150+ security tools, exploit chaining, and PoC validation.

vulnclaw

基于 AI Agent + MCP 工具链 + 渗透 Skill 编排， 配合大语言模型， 自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。

zapcli

A simple tool for interacting with OWASP ZAP from the commandline.

netcat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

slowloris

Low bandwidth DoS tool. Slowloris rewrite in Python.

ziran

自然 ZIRAN is an open-source security testing framework for AI agents. It discovers dangerous tool chain compositions via knowledge graph analysis, detects execution-level side effects (not just text output), and runs multi-phase trust exploitation campaigns that model real attacker behaviour.

stegcracker

Steganography brute-force utility to uncover hidden data inside files

faradaysec

Open Source Collaborative Penetration Test and Vulnerability Management Platform https://www.faradaysec.com

reconninja

⚡ ReconNinja v8.2.1 — 38-phase recon framework for pentesters & bug bounty hunters. Subdomain enum → port scan → web recon → WAF/CORS/JS/cloud bucket detection → GitHub OSINT → CVE lookup → AI threat analysis → HTML report. Domains, IPs, CIDRs, target lists. Plugin system. 598 tests.

wasm-tools

A WebAssembly parser and disassembler in python.

numasec

AI agent for penetration testing. Like Claude Code, but for security. Open source, MCP-native, works with any LLM.

fsociety

A Modular Penetration Testing Framework

pwncat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

habu

Hacking Toolkit