Pentestly - Python internal penetration testing framework.

Pentestly – Python internal penetration testing framework.

Pentestly is a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python.

Current features:
+ Import NMAP XML
+ Test SMB authentication using:
— individual credentials
— file containing credentials
— null credentials
— NTLM hash
+ Test local administrator privileges for successful SMB authentication
+ Identify readable SMB shares for valid credentials
+ Store Domain/Enterprise Admin account names
+ Determine location of running Domain Admin processes
+ Determine systems of logged in Domain Admins
+ Execute Powershell commands in memory and exfil results
+ Execute Mimikatz to gather plaintext password from memory (Invoke-Mimikatz.ps1)
+ Receive a command shell (Powercat)
+ Receive a meterpreter session (Invoke-Shellcode.ps1)

Pentestly v0.1.0 Initial Released.

Pentestly v0.1.0 Initial Released.

Shoulders of Giants
Pentestly stands on the shoulders of giants. Below are the current tools utilized in Pentestly:
+ recon-ng – Backend database for recon-ng is beautifully made and leveraged in Pentestly for data manipulation
+ wmiexec.py – Allows us to execute Powershell commands quickly and easily via WMI
+ smbmap.py – Useful utility for enumerating SMB shares
+ Invoke-Mimikatz.ps1 – Implementation of Mimikatz in Powershell
+ powercat.ps1 – Netcat-esque functionality in Powershell
+ Invoke-Shellcode.ps1 – Deploy Meterpreter in Powershell

TODO
– Implement secretsdump.py module
– Add utility functions for database queries similar to creds, services
– Rework draw_table function to have fixed width columns
– Import credentials from Gladius
– Implement GPP password search and decrypt module
Usage & Installation:

Source: https://github.com/praetorian-inc