Originally posted on

Network

- Scapy, Scapy3k: Send, sniff and dissect and forge network packets. Usable interactively or as a library
- libdnet: Low-level networking routines, including interface lookup and Ethernet frame transmission
- dpkt: Fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
- Impacket: Craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
- pynids: Libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
- Dirtbags py-pcap: Read pcap files without libpcap
- flowgrep: Grep through packet payloads using regular expressions
- Knock Subdomain Scan: Enumerate subdomains on a target domain through a wordlist
- SubBrute: Fast subdomain enumeration tool
- Mallory: Extensible TCP/UDP man-in-the-middle proxy, supports modifying non-standard protocols on the fly
- Pytbull: Flexible IDS/IPS testing framework (shipped with more than 300 tests)

Debugging and Reverse Engineering

- Immunity Debugger: Scriptable GUI and command line debugger
- mona.py: PyCommand for Immunity Debugger that replaces and improves on pvefindaddr
- IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
- PyEMU: Fully scriptable IA-32 emulator, useful for malware analysis
- pefile: Read and work with Portable Executable (aka PE) files
- PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
- uhooker: Intercept API calls inside DLLs, and also arbitrary addresses within the executable file in memory
- diStorm: Disassembler library for AMD64, licensed under the BSD license
- python-ptrace: Debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
- vdb / vtrace: Vtrace is a cross-platform process debugging API implemented in Python, and vdb is a debugger which uses it
- Androguard: Reverse engineering and analysis of Android applications
- Capstone: Lightweight multi-platform, multi-architecture disassembly framework with Python bindings
- PyBFD: Python interface to the GNU Binary File Descriptor (BFD) library

Fuzzing

- Sulley: Fuzzer development and fuzz testing framework consisting of multiple extensible components
- Peach Fuzzing Platform: Extensible fuzzing framework for generation and mutation based fuzzing (v2 was written in Python)
- antiparser: Fuzz testing and fault injection API
- TAOF: (The Art of Fuzzing) including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
- untidy: General purpose XML fuzzer
- Powerfuzzer: Highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
- SMUDGE: Pure Python network protocol fuzzer
- Mistress: Probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
- Fuzzbox: Multi-codec media fuzzer
- Forensic Fuzzing Tools: Generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
- Windows IPC Fuzzing Tools: Tools used to fuzz applications that use Windows Interprocess Communication mechanisms
- WSBang: Perform automated security testing of SOAP based web services
- Construct: Library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
- fuzzer.py (feliam): Simple fuzzer by Felipe Andres Manzano
- Fusil: Python library used to write fuzzing programs

Web

- Requests: Elegant and simple HTTP library, built for human beings
- HTTPie: Human-friendly cURL-like command line HTTP client
- ProxMon: Processes proxy logs and reports discovered issues
- WSMap: Find web service endpoints and discovery files
- Twill: Browse the Web from a command-line interface. Supports automated Web testing
- Ghost.py: Webkit web client written in Python
- Windmill: Web testing tool designed to let you painlessly automate and debug your web application
- FunkLoad: Functional and load web tester
- spynner: Programmatic web browsing module for Python with JavaScript/AJAX support
- python-spidermonkey: Bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of JavaScript scripts and functions
- mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly
- pathod / pathoc: Pathological daemon/client for tormenting HTTP clients and servers

Forensics

- Volatility: Extract digital artifacts from volatile memory (RAM) samples
- Rekall: Memory analysis framework developed by Google
- LibForensics: Library for developing digital forensics applications
- TrIDLib: Identify file types from their binary signatures. Now includes Python binding

Malware Analysis

- pyew: Command line hexadecimal editor and disassembler, mainly to analyze malware
- Exefilter: Filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
- pyClamAV: Add virus detection capabilities to your Python software
- jsunpack-n: Generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities
- yara-python: Identify and classify malware samples
- phoneyc: Pure Python honeyclient implementation
- CapTipper: Analyse, explore and revive HTTP malicious traffic from PCAP file
- peepdf: Python tool to analyse and explore PDF files to find out if they can be harmful
- Didier Stevens' PDF tools: Analyse, identify and create PDF files (includes PDFiD, pdf-parser and make-pdf and mPDF)
- Opaf: Open PDF Analysis Framework. Converts PDF to an XML tree that can be analyzed and modified.
- Origapy: Python wrapper for the Origami Ruby module which sanitizes PDF files
- pyPDF2: Pure Python PDF toolkit: extract info, split, merge, crop, encrypt, decrypt...
- PDFMiner: Extract text from PDF files
- python-poppler-qt4: Python binding for the Poppler PDF library, including Qt4 support

Misc

- InlineEgg: Toolbox of classes for writing small assembly programs in Python
- Exomind: Framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
- RevHosts: Enumerate virtual hosts for a given IP address
- simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API
- PyMangle: Command line tool and a Python library used to create word lists for use with other penetration testing tools
- Hachoir: View and edit a binary stream field by field
- py-mangle: Command line tool and a Python library used to create word lists for use with other penetration testing tools

Other Useful Libraries And Tools

- IPython: Enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system
- Beautiful Soup: HTML parser optimized for screen-scraping
- matplotlib: Make 2D plots of arrays
- Mayavi: 3D scientific data visualization and plotting
- RTGraph3D: Create dynamic graphs in 3D
- Twisted: Event-driven networking engine
- Suds: Lightweight SOAP client for consuming Web Services
- M2Crypto: Most complete OpenSSL wrapper
- NetworkX: Graph library (edges, nodes)
- Pandas: Library providing high-performance, easy-to-use data structures and data analysis tools
- pyparsing: General parsing module
- lxml: Most feature-rich and easy-to-use library for working with XML and HTML in the Python language
- Whoosh: Fast, featureful full-text indexing and searching library implemented in pure Python
- Pexpect: Control and automate other programs, similar to Don Libes `Expect` system

Books

- Violent Python by TJ O'Connor. A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
- Grey Hat Python by Justin Seitz: Python Programming for Hackers and Reverse Engineers.
- Black Hat Python by Justin Seitz: Python Programming for Hackers and Pentesters
- Python Penetration Testing Essentials by Mohit: Employ the power of Python to get the best out of pentesting
- Python for Secret Agents by Steven F. Lott. Analyze, encrypt, and uncover intelligence data using Python

More Stuff

- SecurityTube Python Scripting Expert (SPSE) is an online course and certification offered by Vivek Ramachandran.
- SANS offers the course SEC573: Python for Penetration Testers.
- The Python Arsenal for Reverse Engineering is a large collection of tools related to reverse engineering.
- There is a SANS paper about Python libraries helpful for forensic analysis (PDF).
- For more Python libraries, please have a look at PyPI, the Python Package Index.