Pentesting Python Packages

androguard

Reverse engineering and pentesting for Android applications

fake-http-header

A python package to generate random request fields for a http header.

bbot

The recursive internet scanner for hackers. 🧡

maigret

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

sqlmap

Automatic SQL injection and database takeover tool

sherlock-project

Hunt down social media accounts by username across social networks

flask-unsign

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

radixtarget

RadixTarget is a performant radix implementation designed for quick lookups of IP addresses/networks and DNS hostnames.

myjwt

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

ciphey

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

dirsearch

Web path scanner

flask-unsign-wordlist

The following package is the standalone wordlist-only component to flask-unsign.

opendoor

OpenDoor — OWASP Web Directory Scanner

filelock-lts

Filelock LTS: Security patches for CVEs and long-term support for unsupported Python versions (3.7-3.9).

social-analyzer

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

secator

secator - the pentester's swiss knife

exegol

Fully featured and community-driven hacking environment

adscan

Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.

ptai

The most autonomous pentesting AI on the market. MCP server + Python agents with 150+ security tools, exploit chaining, and PoC validation.

agentseal

Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks, test prompt injection resistance, and audit live MCP servers for tool poisoning.

zapcli

A simple tool for interacting with OWASP ZAP from the commandline.

gallia

Extendable Pentesting Framework

netcat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)