Pentestly – Internal penetration testing framework

Penetration testing tools keep evolving, and having your own basic collection of programs and methods helps in identifying and exploiting any existing gap or vulnerability. One more pentest tool worth a look is Pentestly, a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python.

Some of the features:

  • Import NMAP XML
  • Test SMB authentication using: individual credentials, file containing credentials, null credentials or NTLM hash
  • Test local administrator privileges for successful SMB authentication
  • Identify readable SMB shares for valid credentials
  • Store Domain/Enterprise Admin account names
  • Determine location of running Domain Admin processes
  • Determine systems of logged in Domain Admins
  • Execute PowerShell commands in memory and exfiltrate results
  • Execute Mimikatz to gather plaintext password from memory (Invoke-Mimikatz.ps1)
  • Receive a command shell (Powercat)
  • Receive a meterpreter session (Invoke-Shellcode.ps1)

Pentestly is based on the following tools:

  • recon-ng – Backend database for recon-ng is beautifully made and leveraged for data manipulation
  • – Allows us to execute PowerShell commands quickly and easily via WMI
  • – Useful utility for enumerating SMB shares
  • Invoke-Mimikatz.ps1 – Implementation of Mimikatz in PowerShell
  • powercat.ps1 – Netcat-esque functionality in PowerShell
  • Invoke-Shellcode.ps1 – Deploy Meterpreter in PowerShell
  • CrackMapExec – Source of inspiration for the simple Mimikatz server

You can read more about this program and download it at the following link: