Introduction
Pure Blood is a Penetration Testing Framework intended for all hackers, pentesters, bug hunters and those that wants to get involved in pentesting and cybersecurity area. It’s simple tool, created for everyone who need help for daily pentesting tasks, such as information gathering (Whois, DNS Lookup, Reverse DNS Lookup, etc), vulnerability analysis, etc.
Penetration testing, also known as pentesting or ethical hacking, is the practice of testing a computer system, network/web application to find security vulnerabilities that an evil user (attacker) could exploit. Penetration testing can be automated with software apps/ programms, penetration testing frameworks or performed manually.
Pure Blood v2: A Penetration Testing Framework created for Hackers
This penetration testing tool is tested on Windows and Kali Linux, but should work on any Linux distro and OS X.
Features
Web Pentest/Information Gathering
- Banner Grab
- Whois
- Traceroute
- DNS Record
- Reverse DNS Lookup
- Zone Transfer Lookup
- Port Scan
- Admin Panel Scan
- Subdomain Scan
- CMS Identify
- Reverse IP Lookup
- Subnet Lookup
- Extract Page Links
- Directory Fuzz
- File Fuzz
- Shodan Search
- Shodan Host Lookup
Web Application Attack:
- WordPress (WPScan, WPScan Bruteforce, WordPress Plugin Vulnerability Checker)
- Auto SQL Injection
Generator:
- Deface Page
- Password Generator
- Text To Hash
Requirements:
- Python v2/3
- All from
requrements.txtfile: (colorama,requests,python-whois,dnspython,bs4,shodan)
Modules can also be installed independently.
Install
Clone it form the Pure Blood GitHub repo:
$ git clone https://github.com/cr4shcod3/pureblood
Then navigate to the Pure Blood directory and install modules (requirements.txt):
$ cd pureblood $ pip3 install -r requirements.tx
Usage
To start Pure Blood, run:
$ python3 pureblood.py
██▓███ █ ██ ██▀███ ▓█████ ▄▄▄▄ ██▓ ▒█████ ▒█████ ▓█████▄
▓██░ ██▒ ██ ▓██▒▓██ ▒ ██▒▓█ ▀ ▓█████▄ ▓██▒ ▒██▒ ██▒▒██▒ ██▒▒██▀ ██▌
▓██░ ██▓▒▓██ ▒██░▓██ ░▄█ ▒▒███ ▒██▒ ▄██▒██░ ▒██░ ██▒▒██░ ██▒░██ █▌
▒██▄█▓▒ ▒▓▓█ ░██░▒██▀▀█▄ ▒▓█ ▄ ▒██░█▀ ▒██░ ▒██ ██░▒██ ██░░▓█▄ ▌
▒██▒ ░ ░▒▒█████▓ ░██▓ ▒██▒░▒████▒░▓█ ▀█▓░██████▒░ ████▓▒░░ ████▓▒░░▒████▓
▒▓▒░ ░ ░░▒▓▒ ▒ ▒ ░ ▒▓ ░▒▓░░░ ▒░ ░░▒▓███▀▒░ ▒░▓ ░░ ▒░▒░▒░ ░ ▒░▒░▒░ ▒▒▓ ▒
░▒ ░ ░░▒░ ░ ░ ░▒ ░ ▒░ ░ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ▒ ▒░ ░ ▒ ▒░ ░ ▒ ▒
░░ ░░░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ▒ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░
--=[ Author: Cr4sHCoD3 ]=--
| -- --=[ Version: 2 ]=-- -- |
| -- --=[ Website: https://github.com/cr4shcod3 ]=-- -- |
| -- --=[ PureHackers ~ Blood Security Hackers ]=-- -- |
[ PureBlood Menu ]
01) Web Pentest / Information Gathering
02) Web Application Attack
03) Generator
99) Exit
PureBlood>
Usage is very simple. Just choose an option, pick the target and follow the instructions.
Web Pentest/Information Gathering Example:
Choose Web Pentest from menu:
PureBlood> 1 [ Web Pentest ] 01) Banner Grab 02) Whois 03) Traceroute 04) DNS Record 05) Reverse DNS Lookup 06) Zone Transfer Lookup 07) Port Scan 08) Admin Panel Scan 09) Subdomain Scan 10) CMS Identify 11) Reverse IP Lookup 12) Subnet Lookup 13) Extract Page Links 14) Directory Fuzz 15) File Fuzz 16) Shodan Search 17) Shodan Host Lookup 90) Back To Menu 95) Set Target 99) Exit PureBlood (WebPentest)>
Then select one of the options, and set the target:
PureBlood (WebPentest)> 2 PureBlood(WebPentest)> 95 [#] - Please don't put "/" in the end of the Target. PureBlood>WebPentest>(Target)> www.google.com
Result:
"domain_name": [
"GOOGLE.COM",
"google.com"
],
"registrar": "MarkMonitor, Inc.",
"whois_server": "whois.markmonitor.com",
"referral_url": null,
"updated_date": [
"2018-02-21 18:36:40",
"2018-02-21 10:45:07"
],
"creation_date": [
"1997-09-15 04:00:00",
"1997-09-15 00:00:00"
],
"expiration_date": [
"2020-09-14 04:00:00",
"2020-09-13 21:00:00"
],
"name_servers": [
"NS1.GOOGLE.COM",
"NS2.GOOGLE.COM",
"NS3.GOOGLE.COM",
"NS4.GOOGLE.COM",
"ns4.google.com",
"ns2.google.com",
"ns1.google.com",
"ns3.google.com"
],
"status": [
"clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
"clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
"clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited",
"serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited",
"serverTransferProhibited https://icann.org/epp#serverTransferProhibited",
"serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited",
"clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)",
"clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)",
"clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)",
"serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)",
"serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)",
"serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)"
],
"emails": [
"abusecomplaints@markmonitor.com",
"whoisrelay@markmonitor.com"
],
"dnssec": "unsigned",
"name": null,
"org": "Google LLC",
"address": null,
"city": null,
"state": "CA",
"zipcode": null,
"country": "US"
}
Web App Attack Example:
