Essential Python Tools for Vulnerability Research, Reverse Engineering & Pen Testing

This article presents a comprehensive list of Python-based tools covering network packet analysis, debugging, reverse engineering, fuzzing, web testing, forensics, malware analysis, PDF inspection, and various miscellaneous utilities useful for security professionals and researchers.

MaGe Linux Operations

Network

Scapy – powerful interactive packet analysis tool for sending, sniffing, parsing, and forging network packets.

pypcap, Pcapy, pylibpcap – packet capture modules used with libpcap.

libdnet – low‑level network utilities, including interface queries and Ethernet frame transmission.

dpkt – simple, fast packet creation and parsing.

Impacket – creates and decodes network packets, supporting NMB, SMB and other advanced protocols.

pynids – wraps libnids for packet sniffing, IP fragment reassembly, TCP stream reconstruction, and port‑scan detection.

Dirtbags py-pcap – reads pcap files.

flowgrep – searches packet payloads with regular expressions.

Knock Subdomain Scan – enumerates subdomains using wordlists.

Mallory – extensible TCP/UDP man‑in‑the‑middle proxy with real‑time protocol modification.

Pytbull – flexible IDS/IPS testing framework with over 300 test cases.

Debugging and Reverse Engineering

Paimei – reverse‑analysis framework including PyDBG, PIDA, and pGRAPH.

Immunity Debugger – GUI debugger that accelerates exploit development and malware analysis.

mona.py – vulnerability discovery plugin.

IDAPython – Python integration for IDA Pro.

PyEMU – full IA‑32 emulator for malware analysis.

pefile – reads and manipulates PE files.

pydasm – provides access to the libdasm x86 disassembly library.

PyDbgEng – wraps Microsoft Windows Debugging Engine.

uhooker – intercepts API calls inside DLLs to inspect memory addresses.

diStorm – AMD64 disassembly library under BSD license.

python-ptrace – debugger using ptrace.

vdb/vtrace – cross‑platform debugging tools built on Python.

Androguard – reverse‑engineering framework for Android applications.

Fuzzing

Sulley – extensible fuzzing development framework with many components.

Peach Fuzzing Platform – generation‑ and mutation‑based fuzzing framework.

antiparser – fuzzing tool offering fault‑injection API.

TAOF – includes ProxyFuzz, a man‑in‑the‑middle network fuzzer.

untidy – generic XML fuzzer.

Powerfuzzer – highly automated, fully customizable web fuzzer.

SMUDGE

Mistress – tests file formats and protocols with malformed data based on predefined patterns.

Fuzzbox – multimedia codec fuzzer.

Forensic Fuzzing Tools – generates fuzzed files and file systems for forensic testing.

Windows IPC Fuzzing Tools – fuzzes Windows inter‑process communication mechanisms.

WSBang – Python tool for automated web service security testing.

Construct – library for parsing and building data structures.

fuzzer.py (feliam) – simple fuzzing tool by Felipe Andres Manzano.

Fusil – code library for writing fuzzing programs.

Web

Requests – simple, friendly HTTP library.

HTTPie – command‑line HTTP client with cURL‑like syntax.

ProxMon – processes proxy logs and reports issues.

WSMap – discovers web service nodes and scans files.

Twill – command‑line web browsing for automated web testing.

Ghost.py – WebKit web client.

Windmill – web testing tool for automating and debugging web applications.

FunkLoad – loads multi‑functional web application test components.

spynner – programmable web browser module supporting JavaScript/AJAX.

python-spidermonkey – bridges Mozilla SpiderMonkey JavaScript engine for testing scripts.

mitmproxy – SSL‑capable HTTP proxy with real‑time traffic interception and editing.

pathod / pathoc – provides malformed test cases for HTTP clients and servers.

Forensics

Volatility – extracts data from RAM samples.

LibForensics – code library for developing digital forensics applications.

TrIDLib – identifies file types via code signatures.

aft – Android forensics tool.

Malware Analysis

pyew – command‑line hex editor and disassembler for malware analysis.

Exefilter – filters emails, web pages, or files to detect and strip active content.

pyClamAV – adds virus detection to Python software.

jsunpack‑n – generic JavaScript unpacker for browser and plugin vulnerabilities.

yara‑python – identifies and classifies malware samples.

phoneyc – pure honeypot system.

PDF

Didier Stevens’ PDF tools – analysis, identification, and creation of PDFs (PDFiD, pdf‑parser, make‑pdf, mPDF).

Opaf – open‑source PDF analysis framework converting PDFs to XML trees.

Origapy – wraps Origami Ruby module for secure PDF review.

pyPDF – pure‑Python PDF tool for extraction, merging, encryption, and decryption.

PDFMiner – extracts text content from PDF files.

python‑poppler‑qt4 – bindings for Poppler PDF library supporting Qt4.

Miscellaneous

InlineEgg – Python toolbox for writing small assembly programs.

Exomind – framework for developing open‑source intelligent modules focused on social networking, search, and instant messaging.

RevHosts – enumerates virtual hosts from a given IP address.

simplejson – JSON encoder/decoder using Google AJAX API.

PyMangle – command‑line tool/library for creating wordlists used in penetration testing.

Hachoir – examines and edits data fields in code streams.

py‑mangle – another command‑line tool/library for generating penetration‑testing wordlists.

Other Useful Libraries and Tools

IPython – powerful interactive Python shell.

Beautiful Soup – HTML parser often used in web crawling.

Mayavi – 3D scientific data visualization tool.

RTGraph3D – creates 3D dynamic images.

Twisted – event‑driven network engine.

Suds – lightweight SOAP client for web services.

M2Crypto – comprehensive OpenSSL wrapper.

NetworkX – graph library.

Pandas – high‑performance data structures for data analysis.

pyparsing – generic parsing module.

lxml – rich, easy‑to‑use XML and HTML library written in Python.

Whoosh – full‑text indexing and search library in pure Python.

Pexpect – automates control of other programs, similar to Expect.

Sikuli – GUI automation via screenshot‑based searching, scriptable with Jython.

PyQt + PySide – modules for Qt application framework and GUI development.
