Compilation of Python tools for penetration testers

Are you involved in vulnerability research, reverse engineering or penetration testing? You have surely already used Python, because it has an excellent set of libraries and useful tools for these tasks.
Here you will find a collection of tools written in Python for penetration testers.

Net

  • DHCPig : Python script that performs a DHCP exhaustion attack (DHCP starvation).
  • dpkt : fast and simple packet creation and parsing, with basic definitions of the TCP / IP protocols.
  • flowgrep : grep through packet payloads using regular expressions.
  • FuzzAP : Python script for obfuscating wireless networks.
  • glastopf : honeypot based on a small web server that emulates hundreds of vulnerabilities.
  • Impacket : crafts and decodes network packets. Includes support for higher-level protocols such as NMB and SMB.
  • Knock Subdomain Scan : enumerates the subdomains of a target domain using a wordlist.
  • LANs.py : tool capable of spoofing and poisoning the ARP table of an individual target. It is multi-threaded and asynchronous.
  • libdnet : low-level network routines, including network interface lookup and Ethernet frame transmission.
  • Mallory : extensible TCP / UDP man-in-the-middle proxy, supports on-the-fly modification of non-standard protocols.
  • pypcap , Pcapy and pylibpcap : several Python bindings for libpcap.
  • Pytbull : very flexible IDS / IPS testing framework (includes more than 300 tests).
  • pynids : libnids wrapper that includes sniffing, IP defragmentation, TCP stream reassembly and port scan detection.
  • Responder : an LLMNR, NBT-NS and MDNS poisoner, with rogue HTTP / SMB / MSSQL / FTP / LDAP authentication servers that support NTLMv1 / NTLMv2 / LMv2, Extended Security NTLMSSP and HTTP basic authentication.
  • Scapy : send, sniff, dissect and forge network packets. It can be used interactively or as a library.
  • Waffit : a set of tools to audit your WAF.

Debugging and reverse engineering

  • Androguard : reverse engineering and analysis of Android applications.
  • apk-jet : Python wrapper around apktool to automate and simplify the reverse engineering of APKs.
  • AsmJit : simple Python wrapper for AsmJit using SWIG. AsmJit has high-level code generation classes that can be used to create JIT code.
  • BeaEnginePython : Python bindings for BeaEngine, by Mario Vilas.
  • Binwalk : firmware analysis tool designed to assist in the analysis, extraction and reverse engineering of firmware images and other binary blobs. It is easy to use, fully scriptable and can be easily extended through custom signatures, extraction rules and plugin modules.
  • bochs-python-instrumentation : patch for Bochs that provides a Python interpreter in place of the Bochs debugger, offering the debugger's functionality. It also allows interacting with the on-demand instrumentation interface by dynamically associating Python methods with instrumentation events.
  • Buggery : Python wrapper for DbgEng.
  • ctypes : Python module that allows you to create and manipulate C data types in Python. These can then be passed to C functions loaded from dynamic link libraries.
  • Cuckoo : automated malware analysis sandbox system. It has an API to customize both the processing and reporting stages.
  • Darm : a light and efficient disassembler written in C for the ARMv7 instruction set.
  • Deviare : hooking API designed for building end-user products.
  • Diabind : Python binding of the DIA (Debug Interface Access) SDK.
  • Dislib : Python library to read PE+ files.
  • diStorm : disassembler library for AMD64, under BSD license.
  • Immunity Debugger : scriptable GUI and command line debugger.
  • Paimei : reverse engineering framework, includes PyDBG , PIDA and pGRAPH.
  • pefile : allows you to read and work with Portable Executable (PE) files.
  • pydasm : Python interface to the libdasm x86 disassembler library.
  • PyDbgEng : Python wrapper for the Microsoft Windows debug engine.
  • PyEMU : fully scriptable IA-32 emulator, useful for malware analysis.
  • python-ptrace : debugger using ptrace (the Linux, BSD and Darwin system call to trace processes) written in Python.
  • mona.py : PyCommand for Immunity Debugger that replaces and improves pvefindaddr.
  • uhooker : intercepts calls to API functions within DLLs, as well as arbitrary addresses in the executable file in memory.
  • vdb / vtrace : vtrace is a multi-platform process debugging API implemented in Python, and vdb is a debugger that uses it.

Fuzzing

  • antiparser : fuzz testing and fault injection API.
  • Construct : library to parse and build data structures (binary or text).
  • Forensic Fuzzing Tools : generates fuzzed files, file systems, and file systems containing fuzzed files to test the robustness of forensic tools and analysis systems.
  • Fusil : Python library used to write fuzzing programs.
  • fuzzer.py (feliam) : simple fuzzer by Felipe Andres Manzano.
  • Fuzzbox : multi-codec media fuzzer.
  • Mistress : generates file formats and protocols with malformed data on the fly, based on predefined patterns.
  • Peach Fuzzing Platform : extensible fuzzing framework for generation- and mutation-based fuzzing (v2 was written in Python).
  • Powerfuzzer : highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer).
  • SMUDGE
  • Sulley : fuzzer development and testing framework consisting of several extensible components.
  • TAOF : (The Art of Fuzzing) includes ProxyFuzz, a non-deterministic network man-in-the-middle fuzzer.
  • untidy : general purpose XML fuzzer.
  • Windows IPC Fuzzing Tools : tools for fuzzing applications that use Windows Interprocess Communication mechanisms.
  • WSBang : runs automated tests against SOAP web services.

Web

  • FunkLoad : functional and load web tester.
  • Ghost.py : WebKit client written in Python.
  • HTTPie : HTTP client similar to cURL but more intuitive.
  • Liffy : tool designed to exploit LFI vulnerabilities using three different techniques that allow you to obtain a webshell.
  • mitmproxy : intercepting HTTP proxy with SSL support. It allows traffic to be inspected and edited on the fly.
  • Requests : simple and elegant HTTP library, made for human beings.
  • Twill : browse the web through a simple command-line interface. Supports automated web testing.
  • pathod / pathoc : pathological daemon / client for stress-testing HTTP servers and clients.
  • ProxMon : processes proxy logs and creates reports with the results.
  • python-spidermonkey : binding for the Mozilla SpiderMonkey JavaScript engine; allows calling and evaluating JavaScript scripts and functions.
  • Selenium : API to write functional tests using Selenium WebDriver for access to Firefox, IE, Chrome, Remote, etc.
  • Splinter : tool for testing web applications using Python that allows you to automate browser actions such as visiting URLs and interacting with their objects.
  • spynner : programmable web browsing module for Python with JavaScript / AJAX support.
  • WSMap : finds web services and discovers files.
  • Windmill : testing tool created to automate and debug web applications.

Cracking

  • findmyhash : Python script to crack hashes using online services.

Malware

  • MeterSSH : an easy way to inject native shellcode into memory and tunnel it back to the attacker over SSH. All in a single Python file that can easily be converted into an executable using PyInstaller or py2exe.
  • pyew : command line tool to analyze malware statically.
  • Noriben : script that works in conjunction with Sysinternals Procmon to analyze malware in a sandbox.
  • s7-brute-offline.py : tool that can perform offline brute force attacks against Siemens programmable logic controllers (PLCs).
  • The Backdoor Factory : an interesting Python script to "backdoor" Windows executables and libraries (Win32 PE).
  • The Backdoor Factory Proxy (BDFProxy) : proxy capable of patching binaries "on the fly" during download, turning a MITM into an extremely dangerous attack vector.
  • Tiny SHell : the classic open-source backdoor in Python by Christophe Devine.
  • TinySHell under SCTP : a somewhat stealthier Unix backdoor.
  • Veil : tool written in Python by Christopher Truncer to create Metasploit payloads capable of evading most antivirus products.
  • virustotal-search.py : script to automate, from the command line, the analysis of a malware sample through the well-known VirusTotal multi-AV service.

Forensic

  • ADEL (Android Data Extractor Lite) : Python script that dumps all SQLite databases from an Android smartphone to disk and analyzes the files in a forensically sound workflow.
  • aft : Android forensic toolkit.
  • Codetective : analysis tool to determine the encryption / encoding algorithm used.
  • FBStalker and GeoStalker : OSINT tools for Facebook and geolocation sources (Flickr, Instagram, Twitter, Wigle). The user IDs found are used to locate social network accounts on other networks such as Facebook, YouTube, Instagram, Google+, LinkedIn and Google Search.
  • Grampus : cross-platform tool for metadata extraction and footprinting, something like an open-source FOCA in Python.
  • LibForensics : library to develop digital forensic applications.
  • Mobius Forensic Toolkit : forensic framework written in Python / GTK that manages cases and case items, providing an abstract interface for developing extensions. Case and item categories are defined using XML files to improve integration with other tools.
  • sqlparse.py : parser to recover deleted data from SQLite databases.
  • TrIDLib : identifies file types from their binary signatures. Now includes a Python binding.
  • Volatility : extracts and analyzes digital artifacts from volatile memory (RAM).

Malware analysis

  • Exefilter : filters file formats in email messages, web pages or files. It detects many common file formats and can remove active content.
  • OS X Auditor : free forensic analysis tool for Mac OS X.
  • phoneyc : honeyclient implementation written entirely in Python.
  • pyew : hexadecimal editor and command line disassembler, mainly used to analyze malware.
  • pyClamAV : adds virus detection capabilities to your Python software.
  • pyMal : framework for malware analysis based on pefile, PyDbg and Volatility.
  • jsunpack-n : generic JavaScript unpacker: emulates browser functionality to detect exploits targeting vulnerabilities in browsers and plugins.
  • yara-python : identifies and classifies malware samples.

PDF

  • Didier Stevens' PDF tools : analyzes, identifies and creates PDF files (includes PDFiD , pdf-parser , make-pdf and mPDF).
  • Opaf : Open PDF Analysis Framework. Converts a PDF into an XML tree that can be analyzed and modified.
  • Origapy : Python wrapper for the Ruby Origami module that sanitizes PDF files.
  • PDFMiner : extracts text from PDF files.
  • pyPDF : Python PDF toolkit: extract info, split, merge, encrypt, decrypt ...
  • python-poppler-qt4 : binds Python to the Poppler PDF library, including Qt4 support.

Misc

  • Exomind : framework for building graphs and developing open source intelligence modules, focused on social network services, search engines and instant messaging.
  • Hachoir : allows you to view and edit a binary stream field by field.
  • InlineEgg : toolbox of classes for writing small programs in Python.
  • OnionShare : anonymously and securely shares a file of any size through Tor.
  • PyMangle : command line tool and Python library used to create word lists for use with other penetration testing tools.
  • RevHosts : lists the virtual hosts of a given IP address.

Other useful tools and libraries

  • Beautiful Soup : HTML parser optimized for screen-scraping.
  • IPython : interactive and enhanced Python shell with features for object introspection, access to the system shell and its own special command system.
  • lxml : feature-rich and easy-to-use library for working with XML and HTML.
  • M2Crypto : the most complete OpenSSL wrapper for Python.
  • matplotlib : creates 2D plots from arrays.
  • Mayavi : 3D visualization of scientific data and plotting.
  • NetworkX : graph library (nodes, edges).
  • ODAT (Oracle Database Attacking Tool) : checks the security of your Oracle database.
  • Pandas : library providing high-performance, easy-to-use data structures and data analysis tools.
  • Pexpect : controls and automates other programs, similar to Don Libes' Expect system.
  • Pompem : open source tool designed to automate the search for vulnerabilities in the main vulnerability databases.
  • PyQt and PySide : Python bindings for the Qt framework and GUI library.
  • pyparsing : general parsing module.
  • RTGraph3D : creates dynamic 3D graphs.
  • Sikuli : visual technology to search and automate graphical user interfaces using screenshots. Scriptable in Jython .
  • Suds : lightweight SOAP client for web services.
  • Twisted : event-driven networking engine.
  • Whoosh : fast, featureful full-text indexing and search library implemented in Python.

All the information provided in this medium is for educational purposes; in no case is anyone responsible for any misuse of the information. All information is for the development and investigation of computer security methods.