Pentestly Framework – Pentesting powered by Python and Powershell

Pentestly Framework – Pentesting powered by Python and Powershell

Pentestly is a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python.

Current features

  • Import NMAP XML
  • Test SMB authentication using:
    • individual credentials
    • file containing credentials
    • null credentials
    • NTLM hash
  • Test local administrator privileges for successful SMB authentication
  • Identify readable SMB shares for valid credentials
  • Store Domain/Enterprise Admin account names
  • Determine location of running Domain Admin processes
  • Determine systems of logged in Domain Admins
  • Execute Powershell commands in memory and exfil results
  • Execute Mimikatz to gather plaintext password from memory (Invoke-Mimikatz.ps1)
  • Receive a command shell (Powercat)
  • Receive a meterpreter session (Invoke-Shellcode.ps1)

Below are the current tools utilized in Pentestly:

  • recon-ng – Backend database for recon-ng is beautifully made and leveraged in Pentestly for data manipulation
  • wmiexec.py – Allows us to execute Powershell commands quickly and easily via WMI
  • smbmap.py – Useful utility for enumerating SMB shares
  • Invoke-Mimikatz.ps1 – Implementation of Mimikatz in Powershell

[button size=large style=round color=red align=none url=https://github.com/praetorian-inc/pentestly ]Download [/button]

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.