Python: Penetration Testing Open Source project

Source: Internet
Author: User

SQL Injection Tool: Sqlmap
DNS Security monitoring: Dnsrecon
Brute Force test Tool: Patator
XSS Vulnerability exploit tool: Xsser

Web Server Stress test tool: HULK

SSL Security Scanner: Sslyze

Scapy: send, sniff, dissect and forge network packets. Usable interactively or as a library

Pypcap, pcapy and pylibpcap: several different Python bindings for libpcap

Libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission

Dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols

Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB

Pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection

Dirtbags py-pcap: read pcap files without libpcap

Flowgrep: grep through packet payloads using regular expressions

Knock Subdomain Scan: enumerate subdomains on a target domain through a wordlist

Mallory: extensible TCP/UDP man-in-the-middle proxy, supports modifying non-standard protocols on the fly

Pytbull: flexible IDS/IPS testing framework (shipped with more than)

Debugging and reverse engineering
Paimei: reverse engineering framework, includes PyDbg, PIDA, pGRAPH

Immunity Debugger: scriptable GUI and command line debugger for Immunity Debugger This replaces and improves on pvefindaddr

IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro

PyEmu: fully scriptable IA-32 emulator, useful for malware analysis

Pefile: read and work with Portable Executable (aka PE) files

Pydasm: Python interface to the libdasm x86 disassembling library

PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine

Uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory

diStorm: disassembler library for AMD64, licensed under the BSD license

Python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python

Vdb/vtrace: vtrace is a cross-platform process debugging API implemented in Python, and vdb is a debugger which uses it

Androguard: reverse engineering and analysis of Android applications

Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components

Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 is written in Python)

Antiparser: fuzz testing and fault injection API

TAOF (The Art of Fuzzing): includes ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer

Untidy: general purpose XML fuzzer

Powerfuzzer: highly automated and fully customizable Web fuzzer (HTTP protocol based application fuzzer)

Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns

Fuzzbox: multi-codec media fuzzer

Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems

Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows interprocess communication mechanisms

WSBang: perform automated security testing of SOAP based Web services

Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner

(feliam): simple fuzzer by Felipe Andres Manzano

Fusil: Python library used to write fuzzing programs

Requests: elegant and simple HTTP library, built for human beings

HTTPie: human-friendly curl-like command line HTTP client

ProxMon: processes proxy logs and reports discovered issues

WSMap: find Web service endpoints and discovery files

Twill: browse the Web from a command-line interface. Supports automated Web testing. Web client written in Python

Windmill: Web testing tool designed to let you painlessly automate and debug your Web application

FunkLoad: functional and load Web tester

Spynner: programmatic Web browsing module for Python with JavaScript/AJAX support

Python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of JavaScript scripts and functions

Mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly

Pathod/pathoc: pathological daemon/client for tormenting HTTP clients and servers

Volatility: extract digital artifacts from volatile memory (RAM) samples

LibForensics: library for developing digital forensics applications

TrIDLib: identify file types from their binary signatures. Now includes Python binding

AFT: Android Forensic Toolkit

Malware analysis
Pyew: command line hexadecimal editor and disassembler, mainly to analyze malware

Exefilter: filter file formats in e-mails, Web pages or files. Detects many common file formats and can remove active content

PyClamAV: add virus detection capabilities to your Python software

Jsunpack-n: generic JavaScript unpacker; emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities

Yara-python: identify and classify malware samples

Phoneyc: pure Python honeyclient implementation

Didier Stevens' PDF tools: analyse, identify and create PDF files (includes PDFiD, pdf-parser, make-pdf and mPDF)

Opaf: Open PDF Analysis Framework. Converts PDF to an XML tree that can be analyzed and modified.

Origapy: Python wrapper for the Origami Ruby module which sanitizes PDF files

PyPDF: pure Python PDF toolkit: extract info, split, merge, crop, encrypt, decrypt ...

PDFMiner: extract text from PDF files

Python-poppler-qt4: Python binding for the Poppler PDF library, including Qt4 support

InlineEgg: toolbox of classes for writing small assembly programs in Python

Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging

RevHosts: enumerate virtual hosts for a given IP address

Simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API

Pymangle: command line tool and a Python library used to create word lists for use with other penetration testing tools

Hachoir: view and edit a binary stream field by field

Py-mangle: command line tool and a Python library used to create word lists for use with other penetration testing tools

Other useful Python libraries and tools
IPython: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system

Beautiful Soup: HTML parser optimized for screen-scraping

Matplotlib: make 2D plots of arrays

Mayavi: 3D scientific data visualization and plotting

RTGraph3D: create dynamic graphs in 3D

Twisted: event-driven networking engine

Suds: lightweight SOAP client for consuming Web Services

M2Crypto: most complete OpenSSL wrapper

NetworkX: graph library (edges, nodes)

Pandas: library providing high-performance, easy-to-use data structures and data analysis tools

Pyparsing: general parsing module

Lxml: most feature-rich and easy-to-use library for working with XML and HTML in the Python language

Whoosh: fast, featureful full-text indexing and searching library implemented in pure Python

Pexpect: control and automate other programs, similar to Don Libes' Expect system

Sikuli: visual technology to search and automate GUIs using screenshots. Scriptable in Jython

PyQt and PySide: Python bindings for the Qt application framework and GUI library

Python, as the darling of programmers, gets more and more attention, and more and more applications are developed using Python. So, what were the popular Python projects of 2013? Let's take a look.

1. Testing and debugging

Python_koans: Python Koans is part of "Ruby Koans"; as an interactive tutorial, it lets you learn TDD techniques.
Sure: Sure is the most suitable Python tool for automated testing, with features such as fluent assertions, depth selectors, and more.
Responses: A library that can mock various requests, making testing easier.
Boom: Boom! An alternative to Apache Bench. As a command-line tool, Boom can quickly smoke test your application.
Cricket: Part of the BeeWare kit, Cricket is a graphical tool that assists you with case testing.
Bugjar: Part of the BeeWare suite, Bugjar is a graphical interactive debugger for Python.
PuDB: PuDB is a full-screen command-line debugger for Python.
Voltron: Better GDB interface.

2. Web frameworks

Django-stronghold: Tried putting the login_required decorator everywhere? Django-stronghold makes all Django views login_required by default.
Falcon Framework: Falcon calls itself a high-performance cloud interface framework, claiming to be able to improve server performance 30 times on the same hardware! Does that sound interesting?
Django-xadmin: A deep upgrade of Django-admin with Bootstrap that provides plug-in installation for the dashboard.
Clay: A Flask-based wrapper that makes it easy to create RESTful backend services; see the full Clay documentation.
Flask-restful: A simple Flask-based framework to create a REST interface.
Sandman: Sandman exposes your existing apps through a REST interface; the related blog posts are also worth reading.
Django Unchained: Despite the lofty name, it is really a guide for Python Django beginners.

3. Concurrency

Pulsar: Deploy a new Web server walk up! Interesting event-driven concurrency framework! Compatible with all Python versions from 2.6+ to PyPy!
Toro: Synchronized Tornado support.
Offset: Offset implements Go's concurrency model in Python; see the related presentation slides for details.

4. Task Scheduling

Pyres: A pure Python task dispatch module, inspired by Resque; an alternative to Celery.
Dagobah: Dagobah is a simple dependency-based task scheduling module written in Python, and also includes a cool graphical tool for related task workflows.
Schedule: A process dispatch module that uses the generator pattern to generate a configuration for recurring tasks.

5. Practical Tools

Howdoi: Do you always find yourself searching Google for the simplest programming tasks? Howdoi keeps you out of the browser and solves this kind of thing!
DeLorean: Time travel? Simple! DeLorean's goal is to make processing times and dates in your Python project a breeze! Check out the complete documentation.
Powerline-shell: For those who want to make common tools beautiful, be sure to use Powerline-bash, which can create a beautiful shell prompt, add a powerline, and is compatible with Bash/zsh. The "Battery" that was lost when talking about functional programming in Python finally appeared! If you are interested in Python functional programming, start the installation experience now!
Lice: Conveniently add a license to your open source project instead of searching Google on your own; supports BSD, MIT and GPL and their variants.
Usblock: Lock or unlock your notebook based on USB!
Matchbox: Matchbox can provide a Dropbox-like backup service on your own server! File transfer is based on Flask and goes over HTTP.
Cleanify: Use cleanify to beautify all your project's HTML/CSS/JS files asynchronously.
Locksmith: Locksmith is an AES-encrypted password manager; it looks good and is fully open source, with source code and screenshots available.
Storm: Manage all your SSH connections in Storm's command-line interface.
Sqlparse: This is a great one! Sqlparse is a SQL Effectivity Analyzer that supports parsing/splitting/formatting SQL statements.
Autopep8: Can automatically format your code to PEP8.
Colout: colout is used to color output on the command line; see the examples on its GitHub page.
Bumpversion: Version number collisions are always annoying, and everyone always forgets to tag; bumpversion simplifies the operation with a simple command.
Pyenv: Need to better manage multiple Python versions? Pyenv lets you do it concisely (even exceeding your expectations!). There are plug-ins that combine seamlessly with virtualenv.
Pip-tools: A complete set of tools to keep your Python project fresh.
Cdiff: cdiff is a very nice tool that colors unified diff output, or displays it in two columns.

6. Data Science and Visualization

Data_hacks: A set of command-line data analysis tools published by bitly. These tools accept data from the command line or other tools and easily generate bar charts, histograms, and so on.
Probabilistic Programming and Bayesian Methods for Hackers: This book is excellent for data analysis using Bayesian methods and probabilistic programming, and each chapter provides examples as IPython notebooks.
Simmetrica: Want to show, summarize and share time-based data series from your own application? Try Simmetrica, which also provides a customizable dashboard.
Vincent: A Python-to-Vega conversion tool designed for visualization using d3.js.
Bamboo: A concise real-time data analysis application, Bamboo provides a real-time interface for merging, summarizing, and numerically calculating data.
Dataset: An incredible tool; dataset lets you read and write a database as simply as working with a JSON file, with no other file configuration, instantly making you look good in front of the boss.
Folium: Like maps? Love Python, too? Folium lets you manipulate data freely on the map.
Prettyplotlib: Use Prettyplotlib to strengthen your matplotlib and make your default matplotlib output image more beautiful.
Lifelines: Interested in studying survival analysis in Python? Don't wait and see, use Lifelines! Includes Kaplan-Meier, Nelson-Aalen, and survival regression analysis.

7. Editors and their improvements

Sublime-snake: Want to catch a breath in the endless coding? This is the classic game, of course ...
Spyderlib: Another open source IDE written in Python.
Vimfox: The most considerate web tool for Vim fans; Vimfox lets you see the effect of CSS/JS/HTML changes in real time: edit in Vim and immediately see the result in the browser.
Pcode: A Py3-based IDE that provides refactoring, project management, and more through a simple UI.

8. Continuous Delivery

Metrology: This library is cool and allows you to make multiple measurements of your application and easily output them to an external system like Graphite.
Python-lust: Supports implementing a daemon with Python on Unix systems.
Scales: Scales tracks the status and statistics of your Python app and sends the data to Graphite.
Glances: Cross-platform, curses-based command-line system monitoring tool.
Ramona: Enterprise-class application supervision. Ramona ensures that each process is running and restarts it immediately when needed, and has monitoring/log output that sends email reminders.
Salmon: A multi-service monitoring system based on Salt Stack, which can be used as an alarm system or as a monitoring system.
Graph-explorer: Graph-explorer is an enhancement to the Graphite panel, which is much better than the original and is worth trying.
Sovereign: Sovereign is a set of Ansible playbooks for building your own private cloud.
Shipyard: can pop up your popup instance on the specified machine, also support you to create/delete and so on the remote control of the popup window.
Docker-py: The Python wrapper for the crazy Docker engineering interface.
Dockerui: A tool for interacting with a web interface based on the Docker interface.
Django-docker: Want to know how to combine Django applications with Docker? You can learn from here.
Diamond: A Python daemon that automatically extracts values from your services or other specified data sources and outputs them to Graphite and other supported status panels/collection systems.

Git-workflow: A tool for visualizing your git workflow, example: Demo.
Gitto: A simple library to help you build your own git host.
Git-imerge: git-imerge allows git to merge incrementally. Essentially, imerge lets you keep merging when you run into conflicts.

10. Mail and chat

Mailbox: Mailbox is a humanized reimplementation of Python's IMAP. In the spirit of simplicity and beauty, the author gives the IMAP interface a simple, easily understood form.
Deadchat: Deadchat is designed to provide a secure, single-room group chat service, as well as clients, in an unsecured network environment.
Mailpile: Mailpile is a mail-based index and search engine.

11. Audio and video

PMS: Poor man's Spotify; search and collect music streams!
Dejavu: Pondering how Shazam works? The Python implementation of the audio fingerprint recognition algorithm is here! (Shazam is a magical music recognition app: hum to it for a few seconds and it tells you exactly what song, author, lyrics ...)
Htpc-manager: A tool for HTPC fans that provides a complete interface to manage all the good things on your home media server.
Cherrymusic: A music streaming media server implemented in Python. Stream and output your music to all devices.
Moviepy: A scripted movie editing package; basic operations such as cutting, concatenating and inserting titles take only a few lines!

12. Other

Emit: It's fun to append the ability to use Redis for your functions.
Zipline: Zipline is a very Pythonic library of trading algorithms. is a community implementation of Raspberry Pi. Just released, brought together a variety of creative ideas, interested words immediately check out toss it.
Newsblur: Google Reader has been closed, and Newsblur, an open source RSS reader, has been out for a while; it is definitely the first one to try.
Macropy: MacroPy is a library that implements macros in Python. Check out the documentation for all the features and how it is used.
Mini: If you are interested in compilers and language design, you must look at this repository, as well as the accompanying video!
Parsimonious: Parsimonious aims to be the fastest arbitrary-lookahead parser. Implemented in Python, basically usable.
Isso: An open source alternative to Disqus, which looks great from the demo and provides better privacy settings.
Deaddrop: Deaddrop can provide online drop boxes for news organizations or others, with detailed information on its GitHub page. The Python implementation of naked detection is the clone of node. js.
Kaptan: Kaptan is your app's configuration manager!
Luigi: Luigi helps you build complex pipelines of batch jobs.
Gramme: Gramme is a simple and elegant way to serialize message wrappers over a UDP interface for volatile data.
Q: Provides fast and effortless logging for your Python program. There are a number of helpers to track your function parameters, and it can be loaded quickly and interactively in the console.
Fuqit: The latest work from the Great Zed Shaw, Fuqit is trying to make you forget the MVC experience and focus on simplicity in a whole new way.
Simplicity: Convert your new structured text to JSON format based on the Pydanny.
Lassie: Lassie allows you to easily retrieve content from a site.
Paperwork: Paperwork is a tool that uses OCR to convert documents into searchable form, with a friendly interface built with Gtk/Glade.
Cheat: Cheat allows you to create and review interactive memos on the command line. Designed to help *nix system administrators quickly access frequently used commands that are difficult to remember, in an environment they are accustomed to.
Cookiecutter: Conscience Module! Provides a bunch of useful, but infrequently written, code templates that do not remember, and also support self-made code templates.
Pydown: Support for building a beautiful HTML5 effect slideshow with Python, Demo.
Ice: Simulator fans can now play with ice to plug the ROM into Steam.
Pants: A lightweight framework for writing asynchronous network applications. Pants is a single-threaded, callback service that also includes HTTP services that support Websockets, WSGI support, and a simple web framework.
Pipeless: Pipeless is a framework for building simple data pipelines.
Marshmallow: Marshmallow is an ORM-agnostic library that transforms complex data types into Python native type objects for easy conversion to JSON for interface use.
Twosheds: A Python library for constructing command or shell interpreters. Twosheds lets you use Python to customize your own shell environment.
