Home Free Hacking Tools Pythem – Web and Network Security Audit Framework

Pythem – Web and Network Security Audit Framework

by Unallocated Author

Pythem is a python framework used for performing various security tests on networks and web applications.  These include scanning, web crawling, web application bruteforcing, ARP spoofing, DNS spoofing, DHCP spoofing, redirect webserver attack, network sniffing, and denial of service attacks. Moreover, Pythem is also loaded with other utilities, such as exploits, reverse engineering, pforensics (.pcap packets filtering), geo ip tracing, coding, and decoding.

Pythem Installation

Pythem is a python based tool that requires packages including essential, dev, pip, tcpdump, capstone, libnetfilter-queue-dev, libffi, and libssl. Install these packages using the following command before installing the Pythem framework.

sudo apt-get updatesudo apt-get install -y build-essential python-dev python-pip tcpdump python-capstone libnetfilter-queue-dev libffi-dev libssl-dev

After installaing the dependencies, Pythem can be installed using the Pip or source installation. The source installation requires cloning the framework on the Linux system using the following path.

git clone https://github.com/m4n3dw0lf/pythem

Pythem cloning

After cloning the framework, move to the Pythem folder and run the following command to complete the installation process.

cd pythem
sudo python setup.py install

Pythem installation

Using Pythem

Pythem runs from the terminal using the sudo command.

sudo pythem

The command loads almost a blank pythem interface. From here we can load any Pythem utility by just typing the commands. To know the working of each utility/feature of Pythem, just add the help argument to the desired utlity/feature. For example, if we want to use the scanning utility of Pythem, and want to know about the syntax required to perform the scanning on the target hosts, we can run the following help command to explore this feature.

scan help

The output of above command can be seen in the following screenshot.

pythem scan help

It shows the filters that can be used for scanning along with the syntax, illustrated with an example. The same procedure can be applied to all the Pythem utilities, such as sniff, dos, brute hash etc.

As mentioned above, Pythem is a multi-tasking framework that can perform various security tests on a network. For instance, if we desire to simulate the network sniffing attack, we can simply achieve this by setting the network interface and providing the host ip along with the desired port. For example, we want to monitor the network traffic for wlan0 interface on port 1337 with the host ip address as, we just type ‘sniff’ in the Pythem terminal.


Pythem prompts for the port number and the host IP address that can be provided in the following way.

port 1337 and host ip

pythem sniffer

The framework also gives the option of storing the sniffed packets using a .pcap. Once configured, the framework starts the sniffer to monitor the network traffic for the desired interface.

Besides networks security assessment, Pythem can perform web application tasks like crawling the web application links for status codes, port scanning of the target web application, and running a fake web page for credentials harvesting etc.

What Bunny rating does it get?

Pythem is a decent framework that can do some serious network security audit by running the tests like ARP spoofing, DNS spoofing, DNS redirect, DHCP ACK injection, SSH Brute-force, running shell codes, and string filtering on .pcap files. As a result we will be awarding this tool a rating of 4 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

You may also like