pythem - Penetration Testing Framework
pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more information, read the license.
Installation
Links:
Linux Installation
Dependencies Installation
NOTE: Tested only with Debian-based distros, feel free to try the dependencies installation with yum or zypper if you use Redhat-like or SUSE-like.
sudo apt-get update
sudo apt-get install -y build-essential python-dev python-pip tcpdump python-capstone \
libnetfilter-queue-dev libffi-dev libssl-devInstallation
- With pip:
sudo pip install pythem- With source:
git clone https://github.com/m4n3dw0lf/pythem
cd pythem
sudo python setup.py install- With source and pip:
git clone https://github.com/m4n3dw0lf/pythem cd pythem sudo python setup.py sdist sudo pip install dist/*
Running
- Call on a terminal (Requires root privileges):
$ sudo pythemRunning as Docker container
- Requires Docker
docker run -it --net=host --rm --name pythem m4n3dw0lf/pythemUsage
Examples
- ARP spoofing - Man-in-the-middle.
- ARP+DNS spoof - fake page redirect to credential harvester
- DHCP ACK Injection spoofing - Man-in-the-middle
- Man-in-the-middle inject BeEF hook
- SSH Brute-Force attack.
- Web page formulary brute-force
- URL content buster
- Overthrow the DNS of LAN range/IP address
- Redirect all possible DNS queries to host
- Get Shellcode from binary
- Filter strings on pcap files
- Exploit Development 1: Overwriting Instruction Pointer
- Exploit Development 2: Ret2libc
Developing
Commands Reference
Index
Core
Network, Man-in-the-middle and Denial of service (DOS)
- scan
- webcrawl
- arpspoof
- dhcpspoof
- dnsspoof
- redirect
- sniff
- dos
- pforensic
pforensic: Commands Reference
Exploit development and Reverse Engineering
- xploit
xploit: Commands Reference