Top 23 Python Exploit Projects

Exploit

• Add a project

1. pwntools

   1 8 13,528 8.6 Python

   CTF framework and exploit development library

   

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. gef

   2 18 8,206 5.7 Python

   GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

   

4. DefaultCreds-cheat-sheet

   3 2 6,589 5.7 Python

   One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

   

5. PhoneSploit-Pro

   4 1 5,893 6.2 Python

   An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

   

6. AutoSploit

   5 1 5,240 0.0 Python

   Automated Mass Exploiter

   

7. wesng

   6 2 4,860 7.9 Python

   Windows Exploit Suggester - Next Generation

   

8. Ghost

   7 2 3,346 4.7 Python

   Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. (by EntySec)

   

9. APT_REPORT

   8 4 3,004 9.3 Python

   Interesting APT Report Collection And Some Special IOCs

   

10. CTF

    9 1 2,503 4.4 Python

    CTF challenge (mostly pwn) files, scripts etc (by Crypto-Cat)

    

11. pwn_jenkins

    10 2 2,092 5.5 Python

    Notes about attacking Jenkins servers

    

12. PocOrExp_in_Github

    11 1 1,165 10.0 Python

    Automatically Collect POC or EXP from GitHub by CVE ID.

    

13. featherduster

    12 1 1,130 0.0 Python

    An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

    

14. ambiguous-png-packer

    13 4 1,062 1.8 Python

    Craft PNG files that appear completely different in Apple software [NOW PATCHED]

    

15. CVE-2023-38831-winrar-exploit

    14 1 788 5.1 Python

    CVE-2023-38831 winrar exploit generator

    

16. like-dbg

    15 5 771 4.0 Python

    Fully dockerized Linux kernel debugging environment

    

17. puncia

    16 3 662 6.2 Python

    Panthera(P.)uncia - Official CLI utility for Osprey Vision, Subdomain Center & Exploit Observer.

    

18. SIET

    17 2 594 2.6 Python

    Smart Install Exploitation Tool

    

19. Telegram-Trilateration

    18 9 590 0.0 Python

    Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location

    

20. RomBuster

    19 1 543 4.6 Python

    RomBuster is a router exploitation tool that allows to disclosure network router admin password.

    

21. cve-maker

    20 6 487 5.8 Python

    Tool to find CVEs and Exploits.

    

22. Firmware_Slap

    21 1 479 0.0 Python

    Discovering vulnerabilities in firmware through concolic analysis and function clustering.

    

23. stm32f1-picopwner

    22 3 292 8.0 Python

    Dump read-out protected STM32F1's with a Pi Pico - A Pi Pico implementation of @JohannesObermaier's, Marc Schink's and Kosma Moczek's Glitch and FPB attack to bypass RDP (read-out protection) level 1 on STM32F1 chips

    

    Project mention: An Interesting Find: STM32 RDP1 Decryptor | news.ycombinator.com | 2026-03-02

    First I'd like to point out that "Decryptor" is an ill-chosen term: there's no encryption mechanism here, RDP is a software lock based on an internal flash state.

    This dongle is very likely to be this original attack https://github.com/JohannesObermaier/f103-analysis/tree/mast... but now packaged. If you want to read more this repo has the best doc: https://github.com/CTXz/stm32f1-picopwner. It's a multi-step attack where a payload is executed from persisted SRAM (RDP1 means you can read/write to it) after a quick reset. The fact that they mention freezing the chip heavily weighs in that direction since it's needed for higher clock chips.

24. pentest-ai

    23 1 266 - Python

    Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

    

    Project mention: Show HN: Ptai – an MCP that chains low-sev findings into RCE | news.ycombinator.com | 2026-05-19

Python Exploit related posts

• CR4SH3R — Tool for Detecting Vulnerabilities in WordPress Plugins

  1 project | dev.to | 21 Jun 2025

• Bit Vectors and my first steps into assembly

  2 projects | news.ycombinator.com | 25 Dec 2024

• Journey to understand format string attack (Part 1)

  1 project | dev.to | 3 Oct 2024

• GEF – GDB Enhanced Features

  1 project | news.ycombinator.com | 22 Sep 2024

• Get Exploits of CVE,GHSA,EDB,ZDI,PSS,WLB,H1,Talos and Huntr IDs with One Utility

  1 project | news.ycombinator.com | 26 Jan 2024

• Beej's Quick Guide to GDB (2009)

  3 projects | news.ycombinator.com | 5 Nov 2023

• Puncia – Subdomain and Exploit Hunter Powered by AI

  1 project | /r/hypeurls | 26 Oct 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 11 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!