⚠️For Cybersecurity Professionals and Educational Purposes Only! Use only on hosts/networks you own or have permission to test!

I develop my own custom pentesting tools, so here is the list of the tools I have developed so far in 2026:

Tools:

  1. FaceSniffer is a PCAP files analyzer that intercepts network traffic using Scapy and identifies human faces in captured images via OpenCV: https://github.com/Zauzanov/pcap-analyzer
  2. MockPacket is essentially a "Network Simulator in a Box." Instead of having to open a browser and capture traffic with Wireshark manually, it "hand-crafts" the traffic from scratch: https://github.com/Zauzanov/MockPacket
  3. Gort is a TCP scanner written in Go: https://github.com/Zauzanov/Gort
  4. UniBrute is a multi-threaded web content discovery tool for finding hidden web content using a wordlist + common extensions. Built for security labs and CTF practice: https://github.com/Zauzanov/UniBrute
  5. wp-mapper is a Python-based WordPress mapper, a small content-discovery tool that uses a local WordPress directory tree as a wordlist to enumerate a target site. For lab/authorized testing: https://github.com/Zauzanov/wp-mapper
  6. wp-kllr is a Python pentest-lab project for authorized authentication workflow testing, session handling, HTML form parsing, and multithreaded request automation in a controlled environment — a local WordPress setup: https://github.com/Zauzanov/wp-kllr
  7. Burp Fuzzer is a custom Burp Suite Intruder extension for generating payloads used in web security testing, fuzzing, and pentesting experiments: https://github.com/Zauzanov/burp-extensions/tree/main/burp_fuzzer
  8. Burp urlscan extension is a Burp passive recon helper that takes a selected host, searches urlscan.io historical scan data for related pages and infrastructure, prints the findings, and adds discovered URLs into Burp scope for follow-up analysis: https://github.com/Zauzanov/burp-extensions/tree/main/burp_urlscan_passive_recon
  9. Burp Website Wordlist Generator — is a Burp extension that generates a wordlist based on a website's text content to create a targeted dictionary for pentesting: https://github.com/Zauzanov/burp-extensions/tree/main/burp_website_wordlist_generator
  10. PortPy is a full-featured port scanner with multiple scan types for Unix-like systems. Supporting: syn, ack, fin, xmas, tcp-connect: https://github.com/Zauzanov/PortPy

Labs and Frameworks:

  1. Ricochet is a hands-on learning repository for web application penetration testing using Python, focusing on HTTP libraries, enumeration techniques, and understanding application structure through code: https://github.com/Zauzanov/ricochet
  2. Pentest Algorithms is a collection of core algorithms demonstrated through real-world cybersecurity and penetration testing use cases: https://github.com/Zauzanov/pentest-algorithms
  3. Burp Extensions is a collection of custom Burp Suite extensions for penetration testing, workflow automation, and web security research: https://github.com/Zauzanov/burp-extensions

Side projects:

  1. Skyfall Alert is a Python-based monitoring system that automatically scans global news sources for reports of fallen meteorites, sends real-time Telegram notifications, and visualizes detected events on an interactive world map: https://github.com/Zauzanov/skyfall-alert
  2. Human Host is a cybernetic framework for distributed social memory that models social interactions as a distributed computing network. The project investigates mechanisms for cognitive offloading from individual working memory to social nodes (agents): https://github.com/Zauzanov/human-host

That's it!

Feel free to use them on hosts/networks you own or have permission to test!

I hope you found this material useful.

Subscribe to my youtube channel @securesofar if you want to learn more about cybersecurity and cybernetics. I am going to cover a lot of conceptual things there.

None

Stay Secure!