Pentestly – Internal penetration testing framework
Penetration testing tools keep evolving, and having a basic collection of programs and methods helps in identifying and exploiting any existing gap or vulnerability. Another pentest tool worth a look is Pentestly, an expanding collection of Python tools for use in penetration tests. Its goal is to offer a familiar user interface while making contributions to the framework easy with the power of Python.
Some of the features:
- Import NMAP XML
- Test SMB authentication using: individual credentials, file containing credentials, null credentials or NTLM hash
- Test local administrator privileges for successful SMB authentication
- Identify readable SMB shares for valid credentials
- Store Domain/Enterprise Admin account names
- Determine location of running Domain Admin processes
- Determine systems of logged-in Domain Admins
- Execute PowerShell commands in memory and exfiltrate results
- Execute Mimikatz to gather plaintext passwords from memory (Invoke-Mimikatz.ps1)
- Receive a command shell (Powercat)
- Receive a Meterpreter session (Invoke-Shellcode.ps1)

Pentestly is based on the following tools:
- recon-ng – Its well-made backend database is leveraged for data manipulation
- wmiexec.py – Allows us to execute PowerShell commands quickly and easily via WMI
- smbmap.py – Useful utility for enumerating SMB shares
- Invoke-Mimikatz.ps1 – Implementation of Mimikatz in PowerShell
- powercat.ps1 – Netcat-esque functionality in PowerShell
- Invoke-Shellcode.ps1 – Deploy Meterpreter in PowerShell
- CrackMapExec – Source of inspiration for the simple Mimikatz server
You can read more and download this program at the following link: https://github.com/praetorian-inc/pentestly