A lightweight penetration testing toolkit for testing YOUR OWN applications. Request fuzzing, SQL injection detection, and XSS scanning in a single Python script.
Key features of Pentest Helper
• Request fuzzer — sends common payload patterns to discover unexpected behavior
• SQL injection tester — error-based and blind injection pattern detection
• XSS scanner — reflected XSS detection with encoding bypass checks
• Multiple test modes — run `fuzz`, `sqli`, `xss`, or `all` in one pass
• Configurable endpoints — test multiple URLs and HTTP methods from a config file
• Rate limiting — built-in delays to avoid overwhelming targets
Configure Pentest Helper parameters to see how the product works.
```bash
# Fuzz an endpoint
python src/pentest_helper.py --target https://app.example.com --mode fuzz

# Test for SQL injection
python src/pentest_helper.py --target https://example.com --mode sqli

# Test for XSS
python src/pentest_helper.py --target https://example.com --mode xss

# Run all tests with JSON
```