Pentestly Framework – Pentesting powered by Python and Powershell
Pentestly is a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python.
Current features
- Import NMAP XML
- Test SMB authentication using:
- individual credentials
- file containing credentials
- null credentials
- NTLM hash
- Test local administrator privileges for successful SMB authentication
- Identify readable SMB shares for valid credentials
- Store Domain/Enterprise Admin account names
- Determine location of running Domain Admin processes
- Determine systems of logged in Domain Admins
- Execute Powershell commands in memory and exfil results
- Execute Mimikatz to gather plaintext password from memory (Invoke-Mimikatz.ps1)
- Receive a command shell (Powercat)
- Receive a meterpreter session (Invoke-Shellcode.ps1)
Below are the current tools utilized in Pentestly:
- recon-ng – Backend database for recon-ng is beautifully made and leveraged in Pentestly for data manipulation
- wmiexec.py – Allows us to execute Powershell commands quickly and easily via WMI
- smbmap.py – Useful utility for enumerating SMB shares
- Invoke-Mimikatz.ps1 – Implementation of Mimikatz in Powershell
[button size=large style=round color=red align=none url=https://github.com/praetorian-inc/pentestly ]Download [/button]
