Commands Reference
- help: Print the help message.
- exit/quit: Leave the program.
- set: Set a variable's value.
  arguments:
  - interface
  - gateway
  - target
  - file
  - arpmode
  - domain
  - redirect
  - script
  - filter
  examples:
      pythem> set interface
      [+] Enter the interface:
    or
      pythem> set interface wlan0
- print: Print a variable's value.
  examples:
      pythem> print gateway
- scan: Make a tcp (significant ports), manual (chosen ports) or arp (layer 2) scan.
  Should be called after setting interface and target.
  Targets can be IP addresses or network ranges in CIDR notation.
  arguments:
  - tcp
  - arp
  - manual
  examples:
      pythem> scan
      [*] Select one scan mode, options = tcp/arp/manual
      [+] Scan mode: arp
    or
      pythem> scan tcp
      pythem> scan manual
      [+] Enter the port, ports (separated by commas): 21,22,25,80
- arpspoof: Start or stop an ARP spoofing attack.
  Optionally set arpmode to select the spoofing mode: rep to spoof responses, req to spoof requests.
  arguments:
  - start
  - stop
  - status
  - help
  examples:
      pythem> arpspoof start
      pythem> arpspoof stop
      pythem> arpspoof status
- dhcpspoof: Start a DHCP ACK injection spoofing attack.
  If the real DHCP server's ACK arrives faster than your host's, the spoofing will not work; check it with the sniffer.
  arguments:
  - start
  - stop
  - status
  - help
  example:
      pythem> dhcpspoof start
- dnsspoof: Start a DNS spoofing attack.
  Should be called after an ARP spoofing attack has been started.
  arguments:
  - start
  - stop
  - status
  - help
  examples:
      pythem> dnsspoof start
      pythem> dnsspoof stop
      pythem> dnsspoof status
- hstsbypass: Start sslstrip+ and dns2proxy.
  SSLstrip+ by LeonardoNve and M. Marlinspike; dns2proxy by LeonardoNve.
  Should be called after an ARP spoofing attack has been started.
  example:
      pythem> arpspoof start
      pythem> hstsbypass
- bdfproxy: Start the BDFProxy and Metasploit combo.
  BDFProxy by JoshuaPitts; Metasploit by Rapid7.
  Should be called after an ARP spoofing attack has been started.
  example:
      pythem> arpspoof start
      pythem> bdfproxy
- inject: Start a web server with a script to inject.
  Should be used after an arpspoof has been started.
  arguments:
  - start
  - stop
  - status
  - help
  examples:
      pythem> inject start
      pythem> inject stop
- sniff: Start sniffing packets.
  Should be called after setting an interface.
  sniff custom filters:
  - http
  - dns
  - core | You need to try this!
  All filters (or no filter at all) pass through the PytheM custom filter to minimize redundancy.
  examples:
      pythem> sniff http
    or
      pythem> sniff
      [+] Enter the filter: port 1337 and host 10.0.1.5   (tcpdump-like format)
- dos: Start a Denial of Service (DoS) attack.
  arguments:
  - dnsdrop > Drop DNS queries that pass through the man-in-the-middle traffic.
    ARP spoofing needs to be running to block the network of the target IP address or range.
  - synflood > Start a SYN flood attack on the target host; default port = 80, set port to change.
  - udpflood > Start a UDP flood attack on the target host; default port = 80, set port to change.
  - teardrop > Start a UDP teardrop fragmentation attack.
  - land > Start a LAND attack on the target address; default port = 80, set port to change.
  - icmpflood > Start an ICMP flood attack on the target host.
  - pingofdeath > Start a ping of death (P.O.D.) attack on the target address.
  - icmpsmurf > Start an ICMP smurf attack on the target host: sends echo requests with the target address as source.
  - dhcpstarvation > Start a DHCP starvation attack on the network's DHCP server: multiple DHCP discovers with spoofed MACs.
  - dnsamplification > Start a DNS amplification attack on the target address, using the given DNS servers as amplifiers.
  examples:
      pythem> dos dnsdrop help
      pythem> dos synflood
- pforensic: Start a packet analyzer.
  Should be called after setting file with a .pcap file.
  examples:
      pythem> pforensic
      pforensic> help
  pforensic shell commands:
  - help: Print the help message.
  - clear: Clean the screen, same as GNU/Linux "clear".
  - exit/quit: Return to pythem.
  - show: Display all the packets and their index numbers.
  - conversations: Display a pictogram of the conversations between hosts in the analyzed file.
  - packetdisplay [num]: Display the full content of the packet with the selected index.
  - filter [string/layer]: Run a custom filter over the packets.
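As an added example (not PytheM's own code), the tally behind a pforensic-style `conversations` view: a standard-library-only routine that parses a classic pcap file and counts packets per host pair and protocol. The capture is constructed inline from `ipv4_frame`/`build_pcap` helpers defined here; the addresses are private or documentation ranges, not a real trace.

```python
import struct
from collections import Counter

def ipv4_frame(src, dst, proto, payload):
    """Build a minimal Ethernet + IPv4 frame (MACs and IP checksum left zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + payload  # EtherType 0x0800 = IPv4

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def conversations(pcap_bytes):
    """Return {(host_a, host_b, proto): packet_count}, ignoring direction,
    the tally behind a pforensic-style conversations view.  Stdlib only."""
    magic = struct.unpack_from("<I", pcap_bytes)[0]
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order comes from the magic
    if struct.unpack_from(end + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are supported")
    pos, tally = 24, Counter()
    while pos + 16 <= len(pcap_bytes):
        incl = struct.unpack_from(end + "IIII", pcap_bytes, pos)[2]  # incl_len
        frame = pcap_bytes[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (e.g. ARP) or truncated: skip it
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        proto = {1: "icmp", 6: "tcp", 17: "udp"}.get(frame[23], str(frame[23]))
        tally[(*sorted((src, dst)), proto)] += 1
    return dict(tally)

# Constructed sample capture (not a real trace): a DNS-style UDP exchange, a short
# TCP session, one ICMP echo request and an ARP frame that must be ignored.
SAMPLE_PCAP = build_pcap([
    ipv4_frame("10.0.1.5", "10.0.1.1", 17, b"\x00" * 8),
    ipv4_frame("10.0.1.1", "10.0.1.5", 17, b"\x00" * 8),
    ipv4_frame("10.0.1.5", "203.0.113.9", 6, b"\x00" * 20),
    ipv4_frame("10.0.1.5", "203.0.113.9", 6, b"\x00" * 20),
    ipv4_frame("203.0.113.9", "10.0.1.5", 6, b"\x00" * 20),
    ipv4_frame("10.0.1.5", "10.0.1.1", 1, b"\x08\x00" + b"\x00" * 6),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,  # ARP (EtherType 0x0806)
])
```

Call `conversations(open("capture.pcap", "rb").read())` on a real Ethernet capture to get the same host-pair tally for that file.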
- xploit: Interactive stdin or tcp exploit development shell.
  The stdin argument should be called after setting file.
  The tcp argument should be called after setting target.
  arguments:
  - stdin
  - tcp
  examples:
      pythem> set file ./exec
      pythem> xploit stdin
    or
      pythem> xploit
      [*] Select one xploit mode, options = stdin/tcp
      [+] Exploit mode:
      xploit> help
  xploit shell commands:
  - help: Print this help message.
  - clear: Clean the screen, same as GNU/Linux "clear".
  - exit/quit: Return to pythem.
  - set: Set the variables' values.
    parameters:
    - offset > Number of 'A's to overwrite the instruction pointer.
    - addr1 > (Optional) Hex (0xaddress) first address to overwrite after the offset.
    - addr2 > (Optional) Hex (0xaddress) second address to overwrite after the offset.
    - nops > (Optional) Number of NOPs after the IP overwrite, or after addr1 and addr2 if they are set.
    - shellcode > (Optional) Shellcode (could be generated by msfvenom or any other tool).
    - lenght > Total length of the payload.
    - arch > Target system processor architecture.
  - print: Print a variable's value.
    example:
        xploit> print offset
  - decode/encode: Decode or encode a string with a chosen pattern.
    examples:
        xploit> decode hex
        xploit> encode hex
  - search: Automatically search for instructions or an opcode in the binary executable.
    parameters:
    - instructions
    - opcode
    examples:
        xploit> search
        [+] Search (instructions/opcode):
      or
        xploit> search instructions
        [+] Find: pop ?di          (? and % match any character)
        xploit> search opcode
        [+] Find: ffe4
  - xploit: Run the exploit after all the settings.
    example:
        xploit> xploit
  - fuzz: Start fuzzing the subject.
    If file was passed to xploit it fuzzes stdin; if target was passed it fuzzes tcp.
    The offset value is the number of 'A's to send, and it is increased by that amount each round:
    with the default (offset = 1) it grows 1 by 1; with offset = 10 it grows 10 by 10.
    example:
        xploit> fuzz
  Anything else typed in the xploit shell is executed in the GNU debugger (gdb) with the target file.
- brute: Start a brute-force attack.
  Should be called after setting a target and a word-list file path.
  arguments:
  - ssh > IP address as target
  - url > URL (with http:// or https://) as target
  - form > URL (with http:// or https://) as target
  examples:
      pythem> brute form
      pythem> brute ssh
- geoip: Approximately geolocate an IP address.
  Should be called after setting target (IP address).
  examples:
      pythem> geoip
    or
      pythem> geoip 8.8.8.8   (without setting target)
- harvest: Harvest credentials from the file that was set; default file: sslstrip.log.
  example:
      pythem> harvest
- decode/encode: Decode or encode a string with a chosen pattern.
  examples:
      pythem> decode base64
      [*] String to be decoded:
    or
      pythem> encode hex
      [*] String to be encoded:
- cookiedecode: Decode a base64 URL-encoded cookie value.
  example:
      pythem> cookiedecode
Anything else will be executed in the terminal, like ls, nano, cat, etc.