Pypentesting
python tools to assist in penetration testing
Install / Use
/learn @chrispetrou/PypentestingREADME
pypentesting 
This repository contains some python tools that may be of some help in pentesting, CTFs or information security assignments in general:
- revshell.py (reverse shell generator)
- shconverter.py (objdump2shellcode converter)
- explorer.py (processes dirsearch results and then pops a browser with every url we can visit)
- qrutils.py (easily decode/encode QR codes)
- vtamper.py (verb tampering/avalaibility checker)
- dnz.py (dns zone transfers)
- irc_bot.py (an IRC bot main template using twisted framework)
- fakeid.py (fake id generator)
revshell
This is a simple script to automate the process of generating a reverse-shell command like those described in pentestmonkey blog:
<img src="images/revshell.png" width="80%">Note: You can find a more updated and featured version of the revshell.py script here!
shconverter
This is a small script that takes as input an objdump output and extracts the shellcode:
<img src="images/shconverter.png" width="55%">Example - asm snippet from here:
<img src="images/shconverter1.png" width="80%">explorer
This script uses selenium with chromedriver (can work with other web-drivers also) to open every url (with a status code of 200) from a dirsearch output (specified with --plain-text-report):
qrutils
Easily decode a QR code using zxing online service or QR-encode a message using qrencode utility:
<img src="images/qrutils.png" width="55%">vtamper
Simple verb avalaibility/tampering checker. Using the -i switch it checks also for common header-vulnerabilities:
dnz
This script uses dnspython to perform DNS zone transfers easily:
irc
This script can be used as a template to built an automated IRC-bot using twisted framework.
fakeid
This script uses fakenamegenerator.com to generate a completely random person's id.
Requirements:
Note: To install the requirements (except for qrencode and chromedriver):
pip install -r requirements.txt --upgrade --user
Disclaimer
These tools are only for testing and academic purposes and can only be used where strict consent has been given. Do not use them for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by these tools, programs, scripts and software.
License
This project is licensed under the GPLv3 License - see the LICENSE file for details
Related Skills
healthcheck
351.4kHost security hardening and risk-tolerance configuration for OpenClaw deployments
node-connect
351.4kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
prose
351.4kOpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.
frontend-design
110.7kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
