{ "info": { "author": "Yannick M\u00e9heut", "author_email": "yannick@meheut.org", "bugtrack_url": null, "classifiers": [ "Environment :: Console", "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)", "Programming Language :: Python :: 2.7", "Topic :: Security" ], "description": "PywerView\n=========\n\n::\n\n ____ __ ___\n | _ \\ _ ___ _____ _ _\\ \\ / (_) _____ __\n | |_) | | | \\ \\ /\\ / / _ \\ '__\\ \\ / /| |/ _ \\ \\ /\\ / /\n | __/| |_| |\\ V V / __/ | \\ V / | | __/\\ V V /\n |_| \\__, | \\_/\\_/ \\___|_| \\_/ |_|\\___| \\_/\\_/\n |___/\n\nA (partial) Python rewriting of\n`PowerSploit `__'s\n`PowerView `__.\n\nFork me on `GitHub `__.\n\n|License| |Python versions| |GitHub release| |PyPI version|\n\nHISTORY\n-------\n\nAs a pentester, I love using PowerView during my assignments. It makes\nit so easy to find vulnerable machines, or list what domain users were\nadded to the local Administrators group of a machine, and much more.\n\nHowever, running PowerView on a computer which is not connected to the\ndomain is a pain: I always find myself using\n`mimikatz `__'s\n``sekurlsa::pth`` to run a Powershell prompt with stolen domain\ncredentials, and that's not easy to script. Plus, I'm a Linux guy and\nI've always found it a shame that there were no complete Windows/Active\nDirectory enumeration tool on Linux.\n\nThat's why I decided to rewrite some of PowerView's functionalities in\nPython, using the wonderful\n`impacket `__ library.\n\n*Update:* I haven't tested the last version of PowerView yet, which can\nrun from a machine not connected to a domain. I don't know if it works\ncorrectly under Linux using Powershell. If anyone has had any experience\nwith this at all, you can contact me, I'm really interested. We'll see\nif pywerview has become obsoleted ;) but I think I'll continue working\non it eitherway: I'd still rather use Python than Powershell on Linux,\nand I'm learning a lot! Plus, it may integrated in existing Linux tools\nwritten in Python. It's still great news that PowerView now supports\nmachines not connected to the domain!\n\nDISCLAIMER\n----------\n\nThis tool is far from complete (as you'll see in the `TODO <#todo>`__\nsection)! I still have a lot more awesome PowerView functionalities to\nimplement (the user hunting functions, the GPO functions, the local\nprocess enumeration, etc.), but I still think it can be useful as is.\n\nIt's also (very) possible that there are (many) bugs in the code: I've\nonly tested the simplest test cases. If you use this tool during an\nassignment and you get an error, please, open an issue with the error\nand the conditions that triggered this error.\n\nAlso, blah blah blah, don't use it for evil purposes.\n\nREQUIREMENTS\n------------\n\n- Python 2.7\n- impacket >= 0.9.16-dev\n\nFUNCTIONALITIES\n---------------\n\nIf you like living on the bleeding edge, check out the `development\nbranch `__.\n\nHere's the list of available commands:\n\n::\n\n $ ./pywerview.py --help\n usage: pywerview.py [-h]\n {get-adobject,get-netuser,get-netgroup,get-netcomputer,get-netdomaincontroller,get-netfileserver,get-dfsshare,get-netou,get-netsite,get-netsubnet,get-netgpo,get-domainpolicy,get-gpttmpl,get-netgpogroup,get-netgroupmember,get-netsession,get-localdisks,get-netdomain,get-netshare,get-netloggedon,get-netlocalgroup,invoke-checklocaladminaccess,get-netprocess,get-userevent,invoke-userhunter,invoke-processhunter,invoke-eventhunter}\n ...\n\n Rewriting of some PowerView's functionalities in Python\n\n optional arguments:\n -h, --help show this help message and exit\n\n Subcommands:\n Available subcommands\n\n {get-adobject,get-netuser,get-netgroup,get-netcomputer,get-netdomaincontroller,get-netfileserver,get-dfsshare,get-netou,get-netsite,get-netsubnet,get-netgpo,get-domainpolicy,get-gpttmpl,get-netgpogroup,find-gpocomputeradmin,find-gpolocation,get-netgroupmember,get-netsession,get-localdisks,get-netdomain,get-netshare,get-netloggedon,get-netlocalgroup,invoke-checklocaladminaccess,get-netprocess,get-userevent,invoke-userhunter,invoke-processhunter,invoke-eventhunter}\n get-adobject Takes a domain SID, samAccountName or name, and return\n the associated object\n get-netuser Queries information about a domain user\n get-netgroup Get a list of all current domain groups, or a list of\n groups a domain user is member of\n get-netcomputer Queries informations about domain computers\n get-netdomaincontroller\n Get a list of domain controllers for the given domain\n get-netfileserver Return a list of file servers, extracted from the\n domain users' homeDirectory, scriptPath, and\n profilePath fields\n get-dfsshare Return a list of all fault tolerant distributed file\n systems for a given domain\n get-netou Get a list of all current OUs in the domain\n get-netsite Get a list of all current sites in the domain\n get-netsubnet Get a list of all current subnets in the domain\n get-netgpo Get a list of all current GPOs in the domain\n get-domainpolicy Returns the default domain or DC policy for the\n queried domain or DC\n get-gpttmpl Helper to parse a GptTmpl.inf policy file path into a\n custom object\n get-netgpogroup Parses all GPOs in the domain that set \"Restricted\n Group\" or \"Groups.xml\"\n find-gpocomputeradmin\n Takes a computer (or OU) and determine who has\n administrative access to it via GPO\n find-gpolocation Takes a username or a group name and determine the\n computers it has administrative access to via GPO\n get-netgroupmember Return a list of members of a domain group\n get-netsession Queries a host to return a list of active sessions on\n the host (you can use local credentials instead of\n domain credentials)\n get-localdisks Queries a host to return a list of active disks on the\n host (you can use local credentials instead of domain\n credentials)\n get-netdomain Queries a host for available domains\n get-netshare Queries a host to return a list of available shares on\n the host (you can use local credentials instead of\n domain credentials)\n get-netloggedon This function will execute the NetWkstaUserEnum RPC\n call to query a given host for actively logged on\n users\n get-netlocalgroup Gets a list of members of a local group on a machine,\n or returns every local group. You can use local\n credentials instead of domain credentials, however,\n domain credentials are needed to resolve domain SIDs.\n invoke-checklocaladminaccess\n Checks if the given user has local admin access on the\n given host\n get-netprocess This function will execute the 'Select * from\n Win32_Process' WMI query to a given host for a list of\n executed process\n get-userevent This function will execute the 'Select * from\n Win32_Process' WMI query to a given host for a list of\n executed process\n invoke-userhunter Finds which machines domain users are logged into\n invoke-processhunter\n Searches machines for processes with specific name, or\n ran by specific users\n invoke-eventhunter Searches machines for events with specific name, or\n ran by specific users\n\nTake a look at the\n`wiki `__ to see a\nmore detailed usage of every command.\n\n*Attention:* in every command, the used domain name must be the\npost-Win2k UPN, and not the Win2k compatible name.\n\nFor example, my domain name is ``uselessdomain.local``. The Win2K\ncompatible name is ``USELESSDOMAIN``. In every command, I must use\n**``uselessdomain.local``** as an argument, and **not**\n``USELESSDOMAIN``.\n\nTODO\n----\n\n- Many, many more PowerView functionalities to implement. I'll now\n focus on forest functions, then inter-forest trust functions\n- Lots of rewrite due to the last version of PowerView\n- Implement a debugging mode (for easier troubleshooting)\n- Gracefully fail against Unix machines running Samba\n- Support Kerberos authentication\n- Perform range cycling in ``get-netgroupmember``\n- Manage request to the Global Catalog\n- Try to fall back to ``tcp/139`` for RPC communications if ``tcp/445``\n is closed\n- Comment, document, and clean the code\n\nTHANKS\n------\n\n- Thanks to the\n [@PowerSploit](https://github.com/PowerShellMafia/PowerSploit/) team\n for an awesome tool.\n- Thanks to [@CoreSecurity](https://github.com/CoreSecurity/) for this\n complete and comprehensive library that is\n `impacket `__.\n- Special thanks to [@asolino](https://github.com/asolino) for his help\n on developing using impacket.\n- Thanks to [@byt3bl33d3r](https://github.com/byt3bl33d3r) for his\n contributions.\n- Thanks to\n [@ThePirateWhoSmellsOfSunflowers](https://github.com/ThePirateWhoSmellsOfSunflowers)\n for his debugging, love you baby :heart:\n\nCOPYRIGHT\n---------\n\nPywerView - A Python rewriting of PowerSploit's PowerView\n\nYannick M\u00e9heut [yannick (at) meheut (dot) org] - Copyright \u00a9 2016\n\nThis program is free software: you can redistribute it and/or modify it\nunder the terms of the GNU General Public License as published by the\nFree Software Foundation, either version 3 of the License, or (at your\noption) any later version.\n\nThis program is distributed in the hope that it will be useful, but\nWITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General\nPublic License for more details.\n\nYou should have received a copy of the GNU General Public License along\nwith this program. If not, see http://www.gnu.org/licenses/.\n\n.. |License| image:: https://img.shields.io/github/license/the-useless-one/pywerview.svg?maxAge=2592000\n.. |Python versions| image:: https://img.shields.io/pypi/pyversions/pywerview.svg?maxAge=2592000\n.. |GitHub release| image:: https://img.shields.io/github/release/the-useless-one/pywerview.svg?maxAge=2592000&label=GitHub%20release\n :target: https://github.com/the-useless-one/pywerview/releases/latest\n.. |PyPI version| image:: https://img.shields.io/pypi/v/pywerview.svg?maxAge=2592000\n :target: https://pypi.python.org/pypi/pywerview", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/the-useless-one/pywerview", "keywords": "python powersploit pentesting recon active directory windows", "license": "GNU GPLv3", "maintainer": null, "maintainer_email": null, "name": "pywerview", "package_url": "https://pypi.org/project/pywerview/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/pywerview/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/the-useless-one/pywerview" }, "release_url": "https://pypi.org/project/pywerview/0.2.0/", "requires_dist": null, "requires_python": null, "summary": "A Python port of PowerSploit's PowerView", "version": "0.2.0" }, "last_serial": 2536414, "releases": { "0.1.0": [], "0.1.1": [ { "comment_text": "", "digests": { "md5": "0326ead3ff8e82d6554e02c75f50aee1", "sha256": "b83ea3c965f991502def47e1187356279bfdf12b9f1e4318b92753ded5670a8b" }, "downloads": -1, "filename": "pywerview-0.1.1.tar.gz", "has_sig": false, "md5_digest": "0326ead3ff8e82d6554e02c75f50aee1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 34627, "upload_time": "2016-09-19T21:41:24", "url": "https://files.pythonhosted.org/packages/f7/3e/e3ecf0a088d7daccb2e58537ccafa854a8e5a77a5a9a10b10f3505c111e1/pywerview-0.1.1.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "62485a76cd6cd2276b896c5b7555c3ee", "sha256": "9b254fe6911071484a83eea3bd2e25b2436773efc255bac74c0abaa1400132b8" }, "downloads": -1, "filename": "pywerview-0.2.0.tar.gz", "has_sig": false, "md5_digest": "62485a76cd6cd2276b896c5b7555c3ee", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 45665, "upload_time": "2016-12-23T11:50:40", "url": "https://files.pythonhosted.org/packages/8b/ca/fc13415e41427f5bc925ccbe80361af2bdf4c6f21c9683e28c12d0703f72/pywerview-0.2.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "62485a76cd6cd2276b896c5b7555c3ee", "sha256": "9b254fe6911071484a83eea3bd2e25b2436773efc255bac74c0abaa1400132b8" }, "downloads": -1, "filename": "pywerview-0.2.0.tar.gz", "has_sig": false, "md5_digest": "62485a76cd6cd2276b896c5b7555c3ee", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 45665, "upload_time": "2016-12-23T11:50:40", "url": "https://files.pythonhosted.org/packages/8b/ca/fc13415e41427f5bc925ccbe80361af2bdf4c6f21c9683e28c12d0703f72/pywerview-0.2.0.tar.gz" } ] }