pythem – Penetration Testing Framework

pythem is a multi-purpose pentest framework written in the Python programming language. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more information, read the license. Only runs on GNU/Linux OS.

Installation

• Installation guide

Quick-Start

$sudo apt-get update
$sudo apt-get install build-essential python-dev tcpdump python-capstone
$sudo apt-get install libnetfilter-queue-dev libffi-dev libssl-dev
$sudo git clone https://github.com/m4n3dw0lf/pythem
$cd pythem
$sudo pip install -r requirements.txt 

Run with:
$sudo ./pythem.py

Examples

• ARP spoofing – Man-in-the-middle.
• Man-in-the-middle HSTS bypass – Strip SSL
• ARP+DNS spoof – fake page redirect to credential harvester
• DHCP ACK Injection spoofing – Man-in-the-middle
• Man-in-the-middle inject BeEF hook
• SSH Brute-Force attack.
• Web page formulary brute-force
• URL content buster
• Overthrow the DNS of LAN range/IP address
• Redirect all possible DNS queries to host

Exploit Development with pythem

• Exploit Development 1: Overwriting Instruction Pointer
• Exploit Development 2: Ret2libc

Commands Reference

Index

Core

• help
• exit/quit
• set
• print

Network, Man-in-the-middle and Denial of service (DOS)

• arpspoof
• dhcpspoof
• dnsspoof
• hstsbypass
• redirect
• sniff
• dos
• pforensic
  pforensic: Commands Reference
  • help
  • clear
  • exit/quit
  • show
  • conversations
  • packetdisplay
  • filter

Exploit development and Reverse Engineering

• xploit
  xploit: Commands Reference
  • help
  • clear
  • exit/quit
  • set
  • decode/encode
  • shellcode
  • search
  • xploit
  • cheatsheet
  • fuzz

Brute Force

• brute

Utils

• geoip
• decode/encode
• cookiedecode

Source: Github