├── LICENSE
└── README.md

/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2014 Dirk Loss

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
Python tools for penetration testers
====================================

If you are involved in vulnerability research, reverse engineering or
pentesting, I suggest trying out the
[Python](http://www.python.org) programming language. It has a rich set
of useful libraries and programs. This page lists some of them.

Most of the listed tools are written in Python; others are just Python
bindings for existing C libraries, i.e. they make those libraries easily
usable from Python programs.

Some of the more aggressive tools (pentest frameworks, bluetooth
smashers, web application vulnerability scanners, war-dialers, etc.) are
left out, because the legal situation of these tools is still a bit
unclear in Germany -- even after the [decision of the highest
court](http://www.bundesverfassungsgericht.de/entscheidungen/rk20090518_2bvr223307.html).
This list is clearly meant to help whitehats, and for now I prefer to
err on the safe side.

### Network

- [Scapy](https://scapy.net): send, sniff, dissect
  and forge network packets. Usable interactively or as a library
- [Impacket](http://oss.coresecurity.com/projects/impacket.html):
  craft and decode network packets. Includes support for higher-level
  protocols such as NMB and SMB
- [SMBMap](https://github.com/ShawnDEvans/smbmap):
  enumerate Samba share drives across an entire domain
- [dpkt](https://github.com/kbandla/dpkt): fast, simple packet
  creation/parsing, with definitions for the basic TCP/IP protocols
- [AutoRecon](https://github.com/Tib3rius/AutoRecon): multi-threaded network reconnaissance tool
- [Mitm6](https://github.com/fox-it/mitm6): IPv6-based MITM tool that exploits IPv6 features to conduct man-in-the-middle attacks
- [Habu](https://github.com/portantier/habu):
  Python network hacking toolkit
- [Knock Subdomain Scan](https://github.com/guelfoweb/knock): enumerate
  subdomains on a target domain through a wordlist
- [SubBrute](https://github.com/TheRook/subbrute): fast subdomain
  enumeration tool
- [pypcap](https://github.com/dugsong/pypcap),
  [Pcapy](https://github.com/helpsystems/pcapy),
  [Pcapy-NG](https://github.com/stamparm/pcapy-ng) and
  [libpcap](https://pypi.org/project/libpcap/): several different
  Python bindings for libpcap
- [libdnet](https://github.com/ofalk/libdnet/): low-level networking
  routines, including interface lookup and Ethernet frame transmission
- [Mallory](https://github.com/intrepidusgroup/mallory): extensible
  TCP/UDP man-in-the-middle proxy, supports modifying non-standard
  protocols on the fly
- [Pytbull-NG](https://github.com/netrunn3r/pytbull-ng/): flexible IDS/IPS testing
  framework (shipped with more than 300 tests)
- [Spoodle](https://github.com/vjex/spoodle): a mass subdomain + POODLE
  vulnerability scanner
- [BloodHound.py](https://github.com/dirkjanm/BloodHound.py): Python alternative to BloodHound for AD enumeration, mapping attack paths in AD

### Debugging and reverse engineering

- [Frida](http://www.frida.re/): a dynamic instrumentation framework which can
  inject scripts into running processes
- [Capstone](http://www.capstone-engine.org/): lightweight
  multi-platform, multi-architecture disassembly framework with Python
  bindings
- [Unicorn Engine](https://www.unicorn-engine.org/): CPU emulator framework with Python bindings
- [Androguard](https://github.com/androguard/androguard): reverse
  engineering and analysis of Android applications
- [Paimei](https://github.com/OpenRCE/paimei): reverse engineering
  framework, includes [PyDBG](https://github.com/OpenRCE/pydbg), PIDA,
  pGRAPH
- [IDAPython](https://github.com/idapython/src): IDA Pro plugin that
  integrates the Python programming language, allowing scripts to run
  in IDA Pro
- [PyEMU](https://github.com/codypierce/pyemu/): fully scriptable IA-32
  emulator, useful for malware analysis
- [pefile](https://github.com/erocarrera/pefile): read and work with
  Portable Executable (aka PE) files
- [pydasm](https://github.com/jtpereyda/libdasm/tree/master/pydasm):
  Python interface to the [libdasm](https://github.com/jtpereyda/libdasm/tree/master/)
  x86 disassembling library
- [PyDbgEng](http://pydbgeng.sourceforge.net/): Python wrapper for the
  Microsoft Windows Debugging Engine
- [diStorm](https://github.com/gdabah/distorm): disassembler library
  for AMD64, licensed under the BSD license
- [python-ptrace](http://python-ptrace.readthedocs.org/):
  debugger using ptrace (Linux, BSD and Darwin system call to trace
  processes) written in Python
- [Keystone](http://www.keystone-engine.org): lightweight multi-platform,
  multi-architecture assembler framework with Python bindings
- [PyBFD](https://github.com/Groundworkstech/pybfd/): Python interface
  to the GNU Binary File Descriptor (BFD) library
- [CHIPSEC](https://github.com/chipsec/chipsec): framework for analyzing the
  security of PC platforms including hardware, system firmware (BIOS/UEFI),
  and platform components
- [Ghidrathon](https://github.com/mandiant/Ghidrathon): the FLARE team's open-source extension to add Python 3 scripting to Ghidra

### Fuzzing

- [afl-python](http://jwilk.net/software/python-afl): enables American fuzzy
  lop fork server and instrumentation for pure-Python code
- [Sulley](https://github.com/OpenRCE/sulley): fuzzer development and
  fuzz testing framework consisting of multiple extensible components
- [Peach Fuzzing Platform](https://github.com/MozillaSecurity/peach/):
  extensible fuzzing framework for generation- and mutation-based
  fuzzing (v2 was written in Python)
- [untidy](https://github.com/kbandla/python-untidy/): general purpose XML fuzzer
- [Powerfuzzer](http://www.powerfuzzer.com/): highly automated and
  fully customizable web fuzzer (HTTP protocol based application
  fuzzer)
- [Construct](http://construct.readthedocs.org/): library for parsing
  and building data structures (binary or textual). Define your
  data structures in a declarative manner
- [Fusil](http://fusil.readthedocs.org/): Python library
  used to write fuzzing programs

### Web

- [XSStrike](https://github.com/s0md3v/XSStrike): advanced XSS detection suite
- [Requests](https://requests.readthedocs.io/): elegant and simple HTTP
  library, built for human beings
- [lxml](http://lxml.de/index.html): easy-to-use library for processing XML and HTML; similar to Requests
- [HTTPie](http://httpie.org): human-friendly cURL-like command line
  HTTP client
- [Twill](https://twill-tools.github.io/twill/): browse the Web from a command-line
  interface. Supports automated Web testing
- [FunkLoad](https://github.com/nuxeo/FunkLoad): functional and load web
  tester
- [spynner](https://github.com/makinacorpus/spynner): programmatic web
  browsing module for Python with JavaScript/AJAX support
- [mitmproxy](http://mitmproxy.org/): SSL-capable, intercepting HTTP
  proxy. Console interface allows traffic flows to be inspected and
  edited on the fly
- [spidy](https://github.com/rivermont/spidy/): simple command-line web crawler with page downloading and word scraping
- [Waymap](https://github.com/TrixSec/waymap): web vulnerability scanner built for penetration testers

### Forensics

- [Volatility](http://www.volatilityfoundation.org/):
  extract digital artifacts from volatile memory (RAM) samples
- [Rekall](https://github.com/google/rekall):
  memory analysis framework developed by Google
- [TrIDLib](http://mark0.net/code-tridlib-e.html): identify file types
  from their binary signatures. Now includes Python binding

### Malware analysis

- [pyew](https://github.com/joxeankoret/pyew): command line hexadecimal
  editor and disassembler, mainly to analyze malware
- [Exefilter](https://github.com/decalage2/exefilter): filter file formats
  in e-mails, web pages or files. Detects many common file formats and
  can remove active content
- [jsunpack-n](https://github.com/urule99/jsunpack-n): generic
  JavaScript unpacker: emulates browser functionality to detect
  exploits that target browser and browser plug-in vulnerabilities
- [yara-python](https://github.com/VirusTotal/yara-python):
  identify and classify malware samples
- [phoneyc](https://github.com/honeynet/phoneyc): pure Python
  honeyclient implementation
- [CapTipper](https://github.com/omriher/CapTipper): analyse, explore and
  revive HTTP malicious traffic from PCAP file
- [Cuckoo](https://github.com/cuckoosandbox/cuckoo): automated malware analysis system
- [CAPE](https://github.com/kevoreilly/CAPEv2): malware configuration and payload extraction

### PDF

- [pdfminer.six](https://github.com/pdfminer/pdfminer.six):
  extract text from PDF files
- [peepdf-3](https://github.com/digitalsleuth/peepdf-3):
  Python tool to analyse and explore PDF files to find out if they can be harmful
- [Didier Stevens' PDF
  tools](http://blog.didierstevens.com/programs/pdf-tools): analyse,
  identify and create PDF files
- [pyPDF](https://pypdf.readthedocs.io/): pure Python PDF toolkit: extract
  info, split, merge, crop, encrypt, decrypt...

### Misc

- [Angr](https://github.com/angr/angr): powerful binary analysis framework for vulnerability research and exploit development
- [ScoutSuite](https://github.com/nccgroup/ScoutSuite): multi-cloud security auditing tool
- [Exomind](https://github.com/jio-gl/exomind):
  framework for building decorated graphs and developing open-source
  intelligence modules and ideas, centered on social network services,
  search engines and instant messaging
- [simplejson](https://github.com/simplejson/simplejson/): JSON
  encoder/decoder, e.g. to use [Google's AJAX
  API](http://dcortesi.com/2008/05/28/google-ajax-search-api-example-python-code/)
- [PyMangle](http://code.google.com/p/pymangle/): command line tool
  and a Python library used to create word lists for use with other
  penetration testing tools
- [Hachoir](https://hachoir.readthedocs.io/en/latest/): view and
  edit a binary stream field by field
- [py-mangle](http://code.google.com/p/pymangle/): command line tool
  and a Python library used to create word lists for use with other
  penetration testing tools
- [wmiexec.py](https://github.com/CoreSecurity/impacket/blob/master/examples/wmiexec.py):
  execute PowerShell commands quickly and easily via WMI
- [Pentestly](https://github.com/praetorian-inc/pentestly):
  Python and PowerShell internal penetration testing framework
- [hacklib](https://github.com/leonli96/python-hacklib):
  toolkit for hacking enthusiasts: word mangling, password guessing,
  reverse shell and other simple tools
- [Certipy](https://github.com/ly4k/Certipy): Active Directory Certificate Services enumeration and abuse tool
- [BloodHound.py](https://github.com/fox-it/BloodHound.py): Python-based BloodHound ingestor for Active Directory security assessment

### Other useful libraries and tools

- [Project Jupyter](https://jupyter.org): enhanced interactive
  shell with many features for object introspection, system shell
  access, and its own special command system
- [Beautiful Soup](http://www.crummy.com/software/BeautifulSoup/):
  HTML parser optimized for screen-scraping
- [matplotlib](https://matplotlib.org): make 2D plots of
  arrays
- [Mayavi](http://code.enthought.com/projects/mayavi/): 3D scientific
  data visualization and plotting
- [RTGraph3D](http://www.secdev.org/projects/rtgraph3d/): create
  dynamic graphs in 3D
- [Twisted](http://twistedmatrix.com/): event-driven networking engine
- [Suds](https://github.com/suds-community/suds): lightweight SOAP client for
  consuming Web Services
- [NetworkX](https://networkx.org): graph library (edges, nodes)
- [Pandas](http://pandas.pydata.org/): library providing
  high-performance, easy-to-use data structures and data analysis
  tools
- [pyparsing](https://pypi.org/project/pyparsing/): general parsing
  module
- [lxml](http://lxml.de/): most feature-rich and easy-to-use library
  for working with XML and HTML in the Python language
- [Whoosh](https://github.com/whoosh-community/whoosh): fast, featureful
  full-text indexing and searching library implemented in pure Python
- [Pexpect](https://github.com/pexpect/pexpect): control and automate
  other programs, similar to Don Libes' `Expect` system
- [SikuliX](https://sikulix.github.io/docs/scripts/python/): visual technology
  to search and automate GUIs using screenshots. Scriptable in
- [PyQt](http://www.riverbankcomputing.co.uk/software/pyqt) and
  [PySide](http://www.pyside.org/): Python bindings for the Qt
  application framework and GUI library

### Books

- [Violent Python](https://www.elsevier.com/books/violent-python/unknown/978-1-59749-957-6) by TJ O'Connor:
  A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
- [Grey Hat Python](http://www.nostarch.com/ghpython.htm) by Justin Seitz:
  Python Programming for Hackers and Reverse Engineers
- [Black Hat Python](http://www.nostarch.com/blackhatpython) by Justin Seitz:
  Python Programming for Hackers and Pentesters
- [Python Penetration Testing Essentials](https://github.com/PacktPublishing/Python-Penetration-Testing-Essentials-Second-Edition) by Mohit:
  Employ the power of Python to get the best out of pentesting
- [Python for Secret Agents](https://www.packtpub.com/en-us/product/python-for-secret-agents-volume-ii-9781785283406) by Steven F. Lott:
  Analyze, encrypt, and uncover intelligence data using Python
- [Python Web Penetration Testing Cookbook](https://www.packtpub.com/en-us/product/python-web-penetration-testing-cookbook-9781784399900) by Cameron Buchanan et al.:
  Over 60 Python recipes for web application testing
- [Learning Penetration Testing with Python](https://www.packtpub.com/en-us/product/learning-penetration-testing-with-python-9781785289552) by Christopher Duffy:
  Utilize Python scripting to execute effective and efficient penetration tests
- [Python Forensics](http://www.sciencedirect.com/science/book/9780124186767) by Chet Hosmer:
  A Workbench for Inventing and Sharing Digital Forensic Technology
- [The Beginner's Guide to IDAPython](https://leanpub.com/IDAPython-Book) by Alexander Hanel
- [Python for Offensive PenTest: A Practical Guide to Ethical Hacking and Penetration Testing Using Python](https://www.amazon.com/Python-Offensive-PenTest-practical-penetration/dp/1788838971) by Hussam Khrais

### More stuff

- [SecurityTube Python Scripting Expert (SPSE)](https://github.com/ioef/SPSE/) is an online course and certification offered by Vivek Ramachandran.
- SANS offers the course [SEC573: Automating Information Security with Python](https://www.sans.org/cyber-security-courses/automating-information-security-with-python/).
- There is a SANS paper about Python libraries helpful for forensic analysis
  [(PDF)](http://www.sans.org/reading_room/whitepapers/incident/grow-forensic-tools-taxonomy-python-libraries-helpful-forensic-analysis_33453).
- For more Python libraries, please have a look at
  [PyPI](http://pypi.python.org/pypi), the Python Package Index.
--------------------------------------------------------------------------------