Pythem is a python framework used for performing various security tests on networks and web applications. These include scanning, web crawling, web application bruteforcing, ARP spoofing, DNS spoofing, DHCP spoofing, redirect webserver attack, network sniffing, and denial of service attacks. Moreover, Pythem is also loaded with other utilities, such as exploits, reverse engineering, pforensics (.pcap packets filtering), geo ip tracing, coding, and decoding.
Pythem is a python based tool that requires packages including essential, dev, pip, tcpdump, capstone, libnetfilter-queue-dev, libffi, and libssl. Install these packages using the following command before installing the Pythem framework.
sudo apt-get updatesudo apt-get install -y build-essential python-dev python-pip tcpdump python-capstone libnetfilter-queue-dev libffi-dev libssl-dev
After installaing the dependencies, Pythem can be installed using the Pip or source installation. The source installation requires cloning the framework on the Linux system using the following path.
git clone https://github.com/m4n3dw0lf/pythem
After cloning the framework, move to the Pythem folder and run the following command to complete the installation process.
cd pythem sudo python setup.py install
Pythem runs from the terminal using the sudo command.
The command loads almost a blank pythem interface. From here we can load any Pythem utility by just typing the commands. To know the working of each utility/feature of Pythem, just add the help argument to the desired utlity/feature. For example, if we want to use the scanning utility of Pythem, and want to know about the syntax required to perform the scanning on the target hosts, we can run the following help command to explore this feature.
The output of above command can be seen in the following screenshot.
It shows the filters that can be used for scanning along with the syntax, illustrated with an example. The same procedure can be applied to all the Pythem utilities, such as sniff, dos, brute hash etc.
As mentioned above, Pythem is a multi-tasking framework that can perform various security tests on a network. For instance, if we desire to simulate the network sniffing attack, we can simply achieve this by setting the network interface and providing the host ip along with the desired port. For example, we want to monitor the network traffic for wlan0 interface on port 1337 with the host ip address as 192.168.1.1, we just type ‘sniff’ in the Pythem terminal.
Pythem prompts for the port number and the host IP address that can be provided in the following way.
port 1337 and host ip 192.168.1.1
The framework also gives the option of storing the sniffed packets using a .pcap. Once configured, the framework starts the sniffer to monitor the network traffic for the desired interface.
Besides networks security assessment, Pythem can perform web application tasks like crawling the web application links for status codes, port scanning of the target web application, and running a fake web page for credentials harvesting etc.
What Bunny rating does it get?
Pythem is a decent framework that can do some serious network security audit by running the tests like ARP spoofing, DNS spoofing, DNS redirect, DHCP ACK injection, SSH Brute-force, running shell codes, and string filtering on .pcap files. As a result we will be awarding this tool a rating of 4 out of 5 bunnies.
Want to learn more about ethical hacking?
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.