Pythem
pentest framework
pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more information, read the license. The project is written primarily in Python, distributed under the GNU General Public License v3.0 license, first published in 2016. It has gained significant community traction with 1,248 stars and 321 forks on GitHub. Key topics include: brute-force, denial-of-service, docker, exploit, fuzzer.
pythem - Penetration Testing Framework
pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more information, read the license.
Installation
Links:
<br><br>
Linux Installation
Dependencies Installation
NOTE: Tested only with Debian-based distros, feel free to try the dependencies installation with yum or zypper if you use Redhat-like or SUSE-like.
sudo apt-get update
sudo apt-get install -y build-essential python-dev python-pip tcpdump python-capstone \
libnetfilter-queue-dev libffi-dev libssl-dev
Installation
- With pip:
sudo pip install pythem
- With source:
git clone https://github.com/m4n3dw0lf/pythem
cd pythem
sudo python setup.py install
- With source and pip:
git clone https://github.com/m4n3dw0lf/pythem
cd pythem
sudo python setup.py sdist
sudo pip install dist/*
Running
- Call on a terminal (Requires root privileges):
$ sudo pythem
<br><br>
Running as Docker container
- Requires Docker
docker run -it --net=host --rm --name pythem m4n3dw0lf/pythem
<br><br>
Usage
Examples
- ARP spoofing - Man-in-the-middle.
- ARP+DNS spoof - fake page redirect to credential harvester
- DHCP ACK Injection spoofing - Man-in-the-middle
- Man-in-the-middle inject BeEF hook
- SSH Brute-Force attack.
- Web page formulary brute-force
- URL content buster
- Overthrow the DNS of LAN range/IP address
- Redirect all possible DNS queries to host
- Get Shellcode from binary
- Filter strings on pcap files
- Exploit Development 1: Overwriting Instruction Pointer
- Exploit Development 2: Ret2libc
Developing
Commands Reference
Index
Core
Network, Man-in-the-middle and Denial of service (DOS)<br>
- scan
- webcrawl
- arpspoof
- dhcpspoof
- dnsspoof
- redirect
- sniff
- dos
- pforensic
<br>pforensic: Commands Reference<br>
Exploit development and Reverse Engineering<br>
- xploit
<br>xploit: Commands Reference<br>
Brute Force<br>
Utils<br>
Contributors
Showing top 6 contributors by commit count.
Related Repositories
vanhauser-thc/thc-hydra
hydra
k8gege/K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
GhostTroops/scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
k8gege/Ladon
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange
samsesh/SocialBox-Termux
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By samsesh for termux on android
lcvvvv/kscan
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。