Top 23 Python Redteam Projects

• PayloadsAllTheThings

  34 56,965 8.5 Python

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

• sherlock

  109 51,544 7.3 Python

  🔎 Hunt down social media accounts by username across social networks

  

Project mention: Checking all accounts associated with my email address? | /r/PrivacySecurityOSINT | 2023-11-12

In the interest of cleaning my digital life a bit I really want to delete all of my old accounts that I no longer use. The terminal application "Sherlock" on github can search for instances of a username you input and find associated websites. Sherlock

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• dirsearch

  12 11,271 7.7 Python

  Web path scanner

Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

• theHarvester

  19 10,393 9.4 Python

  E-mails, subdomains and names Harvester - OSINT

Project mention: Search for sensitive data using theHarvester and h8mail tools | dev.to | 2023-12-01

• Villain

  2 3,579 7.7 Python

  Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

• snoop

  7 2,701 9.4 Python

  Snoop — инструмент разведки на основе открытых данных (OSINT world)

Project mention: Osint update of the Snoop Project tool search for user by nickname | news.ycombinator.com | 2024-01-02

• malicious-pdf

  13 2,676 2.5 Python

  💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Project mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30

Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• macro_pack

  4 2,045 0.0 Python

  macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

• 100-redteam-projects

  14 1,772 7.3 Python

  Projects for security students

Project mention: Any Projects For Ethical Hacking? | /r/ethicalhacking | 2023-06-21

• Lockdoor-Framework

  2 1,298 2.7 Python

  🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

• PlumHound

  1 1,018 8.7 Python

  Bloodhound for Blue and Purple Teams

  

Project mention: Dealing with large BloodHound datasets | dev.to | 2023-12-06

Name Description Url BloodHound BloodHound GUI https://github.com/BloodHoundAD/BloodHound/ PlumHound Generate a report with actions to resolve the security flaws in the Active Directory configuration https://github.com/DefensiveOrigins/PlumHound/ GoodHound GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. https://github.com/idnahacks/GoodHound/ BlueHound Tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. https://github.com/zeronetworks/BlueHound/

• sam-the-admin

  4 955 0.0 Python

  Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

• VcenterKit

  1 897 6.0 Python

  Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

Project mention: VcenterKit: Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit | /r/blueteamsec | 2023-08-26

• SlackPirate

  1 711 0.0 Python

  Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

• Octopus

  1 710 1.8 Python

  Open source pre-operation C2 server based on python and powershell

• overlord

  1 606 0.0 Python

  Overlord - Red Teaming Infrastructure Automation (by qsecure-labs)

  

• Spoofy

  2 542 5.4 Python

  Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

• GTFONow

  1 495 6.4 Python

  Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

• emploleaks

  1 489 7.8 Python

  An OSINT tool that helps detect members of a company with leaked credentials

  

Project mention: Emploleaks: Retrieving information from employees and finding leaked passwords | news.ycombinator.com | 2023-08-10

• Dome

  3 451 5.8 Python

  Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. (by v4d1)

• GoodHound

  2 438 0.0 Python

  Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

Project mention: Dealing with large BloodHound datasets | dev.to | 2023-12-06

Name Description Url BloodHound BloodHound GUI https://github.com/BloodHoundAD/BloodHound/ PlumHound Generate a report with actions to resolve the security flaws in the Active Directory configuration https://github.com/DefensiveOrigins/PlumHound/ GoodHound GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. https://github.com/idnahacks/GoodHound/ BlueHound Tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. https://github.com/zeronetworks/BlueHound/

• PivotSuite

  1 420 2.8 Python

  Network Pivoting Toolkit

• LOOBins

  2 389 8.3 Python

  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.

Project mention: LOOBins | news.ycombinator.com | 2023-05-25

I’m excited to announce the release of Living Off the Orchard: macOS Binaries (LOOBins)!

LOOBins is a resource designed to help cybersecurity professionals and researchers understand and defend against the potential risks associated with binaries built into macOS.

https://loobins.io

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python Redteam related posts

• Search for sensitive data using theHarvester and h8mail tools

  2 projects | dev.to | 1 Dec 2023

• Docx, doc macro rev shell generator?

  2 projects | /r/oscp | 21 Mar 2023

• hey guys which would be easier to make, a malicious docx or pdf?

  1 project | /r/hacking | 27 Jan 2023

• HavocNotion: A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel.

  1 project | /r/blueteamsec | 12 Oct 2022

• University final year project

  3 projects | /r/cybersecurity_help | 20 Sep 2022

• MacroPack - will simplify antimalware solutions bypass and automatize the process from vb source to final Office document or other maldoc payload type. This tool can be used for red teaming, pentests, demos, and social engineering assessments.

  1 project | /r/hacking | 27 Aug 2022

• I want to write a program that sends a single query to 5 different search engines, and returns a list of the headers of the first 1000 results

  1 project | /r/learnpython | 16 Aug 2022
• A note from our sponsor - SaaSHub
  www.saashub.com | 10 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!