Fi8sVrs, posted February 25, 2016

Python and Powershell internal penetration testing framework

Pentestly is a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python.

Current features

- Import NMAP XML
- Test SMB authentication using:
  - individual credentials
  - file containing credentials
  - null credentials
  - NTLM hash
- Test local administrator privileges for successful SMB authentication
- Identify readable SMB shares for valid credentials
- Store Domain/Enterprise Admin account names
- Determine location of running Domain Admin processes
- Determine systems of logged in Domain Admins
- Execute Powershell commands in memory and exfil results
- Execute Mimikatz to gather plaintext password from memory (Invoke-Mimikatz.ps1)
- Receive a command shell (Powercat)
- Receive a meterpreter session (Invoke-Shellcode.ps1)

Shoulders of Giants

Pentestly stands on the shoulders of giants. Below are the current tools utilized in Pentestly:

- recon-ng – Backend database for recon-ng is beautifully made and leveraged in Pentestly for data manipulation
- wmiexec.py – Allows us to execute Powershell commands quickly and easily via WMI
- smbmap.py – Useful utility for enumerating SMB shares
- Invoke-Mimikatz.ps1 – Implementation of Mimikatz in Powershell
- powercat.ps1 – Netcat-esque functionality in Powershell
- Invoke-Shellcode.ps1 – Deploy Meterpreter in Powershell

Install

git clone https://github.com/praetorian-inc/pentestly.git
./install.sh
./pentestly

Source: https://n0where.net/powershell-penetration-testing-framework-pentestly/