Top 123 Python Tools for Pen Testing, Reverse Engineering & Forensics
This comprehensive, curated list of 123 Python-based security tools covers network analysis, debugging, reverse engineering, fuzzing, web testing, forensics, malware analysis, PDF inspection, and miscellaneous utilities, and adds recommended libraries, books, and learning resources for penetration testers and security researchers.
This article, sourced from dloss/python-pentest-tools, presents a curated list of 123 Python tools useful for penetration testing, reverse engineering, forensics, and related security tasks.
Network
Scapy, Scapy3k: send, sniff, dissect, and forge network packets; usable as a library or interactive tool.
pypcap, Pcapy, pylibpcap: various Python bindings for libpcap.
libdnet: low‑level network routing library for interface discovery and Ethernet frame forwarding.
dpkt: fast, lightweight packet creation and parsing for basic TCP/IP protocols.
Impacket: packet crafting and decoding, supporting higher‑level protocols such as NMB and SMB.
pynids: libnids wrapper providing sniffing, IP fragment reassembly, TCP stream reconstruction, and port‑scan detection.
Dirtbags py‑pcap: read pcap files without libpcap.
flowgrep: search packet payloads using regular expressions.
Knock Subdomain Scan: enumerate subdomains via dictionary attacks.
SubBrute: fast subdomain enumeration tool.
Mallory: extensible TCP/UDP proxy with on‑the‑fly protocol modification.
Pytbull: flexible IDS/IPS testing framework with over 300 test cases.
Spoodle: massive subdomain + Poodle vulnerability scanner.
SMBMap: enumerate Samba shares in a domain.
Debugging and Reverse Engineering
Paimei: reverse‑engineering framework including PyDBG, PIDA, pGRAPH.
Immunity Debugger: scriptable GUI and command‑line debugger.
mona.py: Immunity Debugger plugin replacing pvefindaddr.
IDAPython: Python plugin for IDA Pro enabling script execution.
PyEMU: fully scriptable Intel 32‑bit emulator for malware analysis.
pefile: read and manipulate PE files.
pydasm / libdasm: Python interface to an x86 disassembly library.
PyDbgEng: Python wrapper for Microsoft Windows debugging engine.
uhooker: hook API calls in DLLs or arbitrary memory addresses.
diStorm: AMD64 disassembly library under BSD license.
Frida: dynamic instrumentation framework for injecting scripts into running processes.
python‑ptrace: ptrace‑based debugger for Linux, BSD, and Darwin.
vdb / vtrace: cross‑platform process debugging API (vtrace) and debugger (vdb).
Androguard: Android application reverse‑engineering toolkit.
Capstone: lightweight multi‑platform, multi‑architecture disassembly framework (ARM, ARM64, MIPS, x86/x64).
Keystone: lightweight multi‑platform, multi‑architecture assembler.
PyBFD: Python interface to GNU Binary File Descriptor library.
CHIPSEC: framework for analyzing hardware, firmware (BIOS/UEFI), and platform security.
Fuzzing
afl‑python: American Fuzzy Lop implementation for pure Python code.
Sulley: extensible fuzzing framework composed of modular components.
Peach Fuzzing Platform: extensible fuzzing framework (v2 written in Python).
antiparser: API for fuzzing and fault injection.
TAOF (The Art of Fuzzing): includes ProxyFuzz, a man‑in‑the‑middle network fuzzing tool.
untidy: XML‑focused fuzzing tool.
Powerfuzzer: highly automated, fully customizable web fuzzing tool.
SMUDGE
Mistress: pattern‑based real‑time file‑format and protocol anomaly detection.
Fuzzbox: media encoder fuzzing.
Forensic Fuzzing Tools: generate fuzzed files and filesystems to test forensic tool robustness.
Windows IPC Fuzzing Tools: fuzz Windows inter‑process communication mechanisms.
WSBang: web‑service‑oriented SOAP security testing automation.
Construct: library for parsing and building binary or text data formats.
fuzzer.py (feliam): simple fuzzing tool by Felipe Andres Manzano.
Fusil: Python library for writing fuzzing programs.
Web
Requests: elegant, simple, human‑friendly HTTP library.
lxml: convenient XML/HTML processing library.
HTTPie: user‑friendly command‑line HTTP client similar to cURL.
ProxMon: process proxy logs and report issues.
WSMap: discover web servers and files.
Twill: command‑line web browsing with support for automated web testing.
Ghost.py: WebKit‑based web client written in Python.
Windmill: web testing tool for easy automated debugging of web applications.
FunkLoad: web functional and load testing.
spynner: Python web‑browser module supporting JavaScript/AJAX.
python‑spidermonkey: Mozilla JS engine ported to Python for executing JavaScript scripts.
mitmproxy: SSL‑capable HTTP proxy with interactive console for inspecting and editing traffic.
pathod / pathoc: daemon/client for stressing HTTP clients and servers.
spidy: simple command‑line web scraper with page download and word extraction.
Forensics
Volatility: extract data from RAM images.
Rekall: Google‑developed memory analysis framework.
LibForensics: digital forensics application library.
TrIDLib: Python implementation for identifying file types from binary signatures.
aft: Android forensics toolkit for malware analysis.
Malware Analysis
pyew: command‑line hex editor and disassembler for malware analysis.
Exefilter: filter specific file formats in emails, web pages, and files; can detect and strip common formats.
pyClamAV: add virus‑scanning capabilities to Python software.
jsunpack‑n: generic JavaScript interpreter for detecting exploits targeting browsers and plugins.
yara‑python: identify and classify malware samples.
phoneyc: pure‑Python honeypot implementation.
CapTipper: analyze, research, and replay HTTP malicious traffic from PCAP files.
peepdf: Python PDF analysis tool for detecting malicious PDFs.
Didier Stevens' PDF tools (PDFiD, pdf‑parser, make‑pdf, mPDF): parse, identify, and create PDF files.
Opaf: open PDF analysis framework that converts PDFs to XML trees for analysis and modification.
Origapy: Python interface to the Ruby Origami tool for reviewing PDF files.
pyPDF2: Python PDF toolkit for information extraction, splitting, merging, creation, encryption, and decryption.
PDFMiner: extract text from PDF files.
python‑poppler‑qt4: Python binding for the Poppler PDF library with Qt4 support.
Miscellaneous
InlineEgg: toolbox of small Python utilities.
Exomind: framework for building decorated graphs and open‑source intelligence modules centered on social networks, search engines, and instant messaging.
RevHosts: enumerate virtual hosts for a given IP address.
simplejson: JSON encoder/decoder, e.g., for Google’s AJAX API.
PyMangle: command‑line tool and library for creating dictionaries used in penetration testing.
Hachoir: view and edit binary streams.
wmiexec.py: execute PowerShell commands quickly via WMI.
Pentestly: Python and PowerShell internal penetration‑testing framework.
hacklib: hacker‑oriented toolkit offering word cracking, password guessing, reverse shells, and other simple tools.
Other Useful Libraries or Tools
IPython: enhanced interactive Python shell with introspection, system shell access, and custom commands.
Beautiful Soup: optimized HTML parser for web scraping.
matplotlib: 2‑D plotting library.
Mayavi: 3‑D scientific data visualization.
RTGraph3D: create animated 3‑D graphs.
Twisted: event‑driven networking engine.
Suds: lightweight SOAP client for web services.
M2Crypto: comprehensive OpenSSL wrapper.
NetworkX: graph library (nodes, edges).
Pandas: high‑performance data structures and analysis tools.
pyparsing: generic parsing module.
Whoosh: fast, feature‑rich full‑text indexing and search library.
Pexpect: control and automate other programs, similar to Expect.
Sikuli: visual automation using screenshots, runnable in Jython.
PyQt and PySide: Python bindings for the Qt application framework and GUI libraries.
Books
Violent Python (TJ O'Connor): cookbook for hackers, forensic analysts, pentesters, and security engineers.
Grey Hat Python (Justin Seitz): Python programming for hacking and reverse engineering.
Black Hat Python (Justin Seitz): Python programming for hacking and penetration testing.
Python Penetration Testing Essentials (Mohit): leveraging Python features for optimal penetration testing.
Python for Secret Agents (Steven F. Lott): using Python for analysis, encryption, and intelligence gathering.
Python Web Penetration Testing Cookbook (Cameron Buchanan et al.): over 60 Python use‑cases for web application testing.
Learning Penetration Testing with Python (Christopher Duffy): effective and efficient pentesting with Python scripts.
Python Forensics (Chet Hosmer): workstation for inventing and sharing digital forensics techniques.
The Beginner's Guide to IDAPython (Alexander Hanel).
Talks, Slides and Articles
Python & Reverse Engineering Software (Alexander Hanel).
Python Arsenal for Reverse Engineering (Dmitriy Evdokimov, RUCTF 2016).
More
SecurityTube Python Scripting Expert (SPSE): online course certified by Vivek Ramachandran.
SANS course SEC573: Python for Penetration Testers.
Python Arsenal for Reverse Engineering: extensive collection of reverse‑engineering tools.
Article from SANS about Python libraries usable for forensic analysis (PDF).
For additional Python libraries, consult the Python Package Index (PyPI).