-
Notifications
You must be signed in to change notification settings - Fork 326
Commands Reference
Print the help message.
Leave the program.
Set a variable's value.
arguments:
- interface
- gateway
- target
- file
- domain
- redirect
- script
- filter
examples:
pythem> set interface
[+] Enter the interface:
or
pythem> set interface wlan0
Print a variable's value.
examples:
pythem> print gateway
Make a tcp(significant-ports)/manual(port)/arp(layer-2) scan.
Should be called after setting interface and target
Targets can be IP addresses or network ranges with CIDR
arguments:
- tcp
- arp
- manual
examples:
pythem> scan
[*] Select one scan mode, options = tcp/arp/manual
[+] Scan mode: arp
or
pythem> scan tcp
pythem> scan manual
[+] Enter the port, ports (separated by commas): 21,22,25,80
Start or stop an arpspoofing attack.
arguments:
- start
- stop
- status
- help
examples:
pythem> arpspoof start
pythem> arpspoof stop
pythem> arpspoof status
Start a DHCP ACK Injection spoofing attack.
If the real DHCP server ACK is faster than your host the spoofing will not work, check it with the sniffer
arguments:
- start
- stop
- status
- help
example:
pythem> dhcpspoof start
Start a dnsspoofing attack.
Should be called after an arpspoofing attack has been started
arguments:
- start
- stop
- status
- help
examples:
pythem> dnsspoof start
pythem> dnsspoof stop
pythem> dnsspoof status
Start sslkill module
Should be called after a target, gateway and interface have been set.
example:
pythem> hstsbypass
Start a web server with a script to inject
Should be used after a arpspoof has been started
arguments:
- start
- stop
- status
- help
examples:
pythem> inject start
pythem> inject stop
Start sniffing packets.
Should be called after setting an interface
sniff custom filters:
- http
- dns
- core | You need to try this!
All filters or none filter pass through the PytheM custom filter to minimize redundancy.
examples:
pythem> sniff http
or
pythem> sniff
[+] Enter the filter: port 1337 and host 10.0.1.5 (tcpdump-like format)
Start a Denial of Service attack (DOS).
arguments:
- dnsdrop > Start to drop DNS queries that pass through man-in-the-middle traffic.
ARP spoofing need to be initialized to block the network of the target IP address or Range.
- synflood > Start a SYN flood attack on target host, default port = 80, set port to change.
- udpflood > Start a UDP flood attack on target host, default port = 80, set port to change.
- teardrop > Start a UDP teardrop fragmentation attack.
- land > Start a LAND attack on target address, default port = 80, set port to change.
- icmpflood > Start a ICMP flood attack on target host.
- pingofdeath > Start a ping of death (P.O.D) attack on target address.
- icmpsmurf > Start a ICMP smurf attack on target host. send echo-requests with target address as source.
- dhcpstarvation > Start a DHCP starvation attack on network DHCP server. Multiple spoofed MAC dhcp discovers.
- dnsamplification > Start a DNS amplification attack on target address with given DNS servers to amplificate.
examples:
pythem> dos dnsdrop help
pythem> dos synflood
Start a packet-analyzer
Should be called after setting file with a .pcap file
examples:
pythem> pforensic
pforensic> help
Print the help message
Clean the screen, same as GNU/Linux OS "clear"
Return to pythem
Display all the packets and their index numbers.
Display pictogram with conversations between hosts from the analyzed file.
Display the full content of index selected packet.
Run a custom filter in the packets.
Interactive stdin or tcp exploit development shell
The stdin argument should be called after setting file
The tcp argument should be called after setting target
arguments:
- stdin
- tcp
examples:
pythem> set file exec
pythem> xploit stdin
or
pythem> xploit
[*] Select one xploit mode, options = stdin/tcp
[+] Exploit mode:
xploit> help
Print this help message.
Clean the screen, same as GNU/Linux OS "clear".
Return to pythem.
Set the variables values.
parameters:
-
offset > Number os 'A's to overwrite the instruction pointer.
-
addr1 > (Optional) Hexa(0xaddress) First address to overwrite after the offset.
-
addr2 > (Optional) Hexa(0xaddress) Second address to overwrite after the offset.
-
nops > (Optional) Number of NOPs after IP overwrite or after the addr1 and addr2 if they are set.
-
shellcode > (Optional) Shellcode (could be generated by msfvenom or any other).
-
lenght > Total lenght of the payload.
-
arch > Target system processor architecture.
-
print:Print a variable's value.
example:
xploit> print offset
Decode or encode a string with a chosen pattern.
examples:
xploit> decode hex
xploit> encode hex
Get the shellcode of executable file
examples:
xploit> shellcode compiled_program
Automatically search for instructions or opcode in the binary executable.
parameters:
-
instructions
-
opcode
examples:
xploit> search
[+] Search (instructions/opcode):
or
xploit> search instructions ? - any character
[+] Find: pop ?di % - any character
xploit> search opcode
[+] Find: ffe4
Run the exploit after all the settings.
example:
xploit> xploit
Start fuzzing on subject.
If file is passed to xploit will fuzz stdin
If target is passed to xploit will fuzz tcp
The offset's value will be the number of 'A's to send.
[Default = 1]
will be increased in 1 by 1.
example:
[offset = 10]
will be increased in 10 by 10.
examples:
xploit> fuzz
Anything else will be executed in GNU debugger shell with the target file
Start a brute-force attack.
Should be called after setting a target and a word-list file path
arguments:
- ssh > ip address as target
- url > url (with http:// or https://) as target
- form > url (with http:// or https://) as target
examples:
pythem> brute form
pythem> brute ssh
Approximately geolocate the location of an IP address.
Should be called after setting target (ip address)
examples:
pythem> geoip
or
pythem> geoip 8.8.8.8 (without setting target)
Decode or encode a string with a chosen pattern
examples:
pythem> decode base64
[*] String to be decoded:
or
pythem> encode hex
[*] String to be encoded:
Decode a base64 url encoded cookie value.
example:
pythem> cookiedecode
Anything else will be executed in the terminal like ls, nano, cat, etc.