Penetration Testing Framework – Pure Blood [v2.0]

Last Commit: 12/08/2018

Penetration Testing Framework – Pure Blood [v2.0]

Introduction

Pure Blood is a Penetration Testing Framework intended for all hackers, pentesters, bug hunters and those that wants to get involved in pentesting and cybersecurity area. It’s simple tool, created for everyone who need help for daily pentesting tasks, such as information gathering (Whois, DNS Lookup, Reverse DNS Lookup, etc), vulnerability analysis, etc. 

PureBlood Logo
Penetration testing, also known as pentesting or ethical hacking, is the practice of testing a computer system, network/web application to find security vulnerabilities that an evil user (attacker) could exploit. Penetration testing can be automated with software apps/ programms, penetration testing frameworks or performed manually. 

Pure Blood v2: A Penetration Testing Framework created for Hackers

This penetration testing tool is tested on Windows and Kali Linux, but should work on any Linux distro and OS X.

Features

Web Pentest/Information Gathering

  • Banner Grab 
  • Whois 
  • Traceroute 
  • DNS Record 
  • Reverse DNS Lookup 
  • Zone Transfer Lookup
  • Port Scan 
  • Admin Panel Scan 
  • Subdomain Scan 
  • CMS Identify 
  • Reverse IP Lookup 
  • Subnet Lookup 
  • Extract Page Links 
  • Directory Fuzz 
  • File Fuzz 
  • Shodan Search  
  • Shodan Host Lookup

Web Application Attack:

  • WordPress (WPScan, WPScan Bruteforce, WordPress Plugin Vulnerability Checker)
  • Auto SQL Injection

Generator:

  • Deface Page 
  • Password Generator
  • Text To Hash

Requirements:

  • Python v2/3
  • All from requrements.txt file: (colorama, requests, python-whois, dnspython, bs4, shodan)

Modules can also be installed independently.

Install

Clone it form the Pure Blood GitHub repo:

$ git clone https://github.com/cr4shcod3/pureblood

Then navigate to the Pure Blood directory and install modules (requirements.txt):

$ cd pureblood
$ pip3 install -r requirements.tx

Usage

To start Pure Blood, run:

$ python3 pureblood.py
██▓███   █    ██  ██▀███  ▓█████  ▄▄▄▄    ██▓     ▒█████   ▒█████  ▓█████▄                                                                                              
▓██░ ██▒ ██ ▓██▒▓██ ▒ ██▒▓█ ▀ ▓█████▄ ▓██▒ ▒██▒ ██▒▒██▒ ██▒▒██▀ ██▌
▓██░ ██▓▒▓██ ▒██░▓██ ░▄█ ▒▒███ ▒██▒ ▄██▒██░ ▒██░ ██▒▒██░ ██▒░██ █▌
▒██▄█▓▒ ▒▓▓█ ░██░▒██▀▀█▄ ▒▓█ ▄ ▒██░█▀ ▒██░ ▒██ ██░▒██ ██░░▓█▄ ▌
▒██▒ ░ ░▒▒█████▓ ░██▓ ▒██▒░▒████▒░▓█ ▀█▓░██████▒░ ████▓▒░░ ████▓▒░░▒████▓
▒▓▒░ ░ ░░▒▓▒ ▒ ▒ ░ ▒▓ ░▒▓░░░ ▒░ ░░▒▓███▀▒░ ▒░▓ ░░ ▒░▒░▒░ ░ ▒░▒░▒░ ▒▒▓ ▒
░▒ ░ ░░▒░ ░ ░ ░▒ ░ ▒░ ░ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ▒ ▒░ ░ ▒ ▒░ ░ ▒ ▒
░░ ░░░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ▒ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░
  --=[ Author: Cr4sHCoD3 ]=--
| -- --=[ Version: 2 ]=-- -- |
| -- --=[ Website: https://github.com/cr4shcod3 ]=-- -- |
| -- --=[ PureHackers ~ Blood Security Hackers ]=-- -- |


[ PureBlood Menu ]

01) Web Pentest / Information Gathering
02) Web Application Attack
03) Generator
99) Exit

PureBlood>

Usage is very simple. Just choose an option, pick the target and follow the instructions. 

Web Pentest/Information Gathering Example:

Choose Web Pentest from menu:

PureBlood> 1
[ Web Pentest ]
01) Banner Grab
02) Whois
03) Traceroute
04) DNS Record
05) Reverse DNS Lookup
06) Zone Transfer Lookup
07) Port Scan
08) Admin Panel Scan
09) Subdomain Scan
10) CMS Identify
11) Reverse IP Lookup
12) Subnet Lookup
13) Extract Page Links
14) Directory Fuzz
15) File Fuzz
16) Shodan Search
17) Shodan Host Lookup
90) Back To Menu
95) Set Target
99) Exit

PureBlood (WebPentest)>

Then select one of the options, and set the target:

PureBlood (WebPentest)> 2

PureBlood(WebPentest)> 95
[#] - Please don't put "/" in the end of the Target.
PureBlood>WebPentest>(Target)> www.google.com

Result:

"domain_name": [
"GOOGLE.COM",
"google.com"
],
"registrar": "MarkMonitor, Inc.",
"whois_server": "whois.markmonitor.com",
"referral_url": null,
"updated_date": [
"2018-02-21 18:36:40",
"2018-02-21 10:45:07"
],
"creation_date": [
"1997-09-15 04:00:00",
"1997-09-15 00:00:00"
],
"expiration_date": [
"2020-09-14 04:00:00",
"2020-09-13 21:00:00"
],
"name_servers": [
"NS1.GOOGLE.COM",
"NS2.GOOGLE.COM",
"NS3.GOOGLE.COM",
"NS4.GOOGLE.COM",
"ns4.google.com",
"ns2.google.com",
"ns1.google.com",
"ns3.google.com"
],
"status": [
"clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
"clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
"clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited",
"serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited",
"serverTransferProhibited https://icann.org/epp#serverTransferProhibited",
"serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited",
"clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)",
"clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)",
"clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)",
"serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)",
"serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)",
"serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)"
],
"emails": [
"abusecomplaints@markmonitor.com",
"whoisrelay@markmonitor.com"
],
"dnssec": "unsigned",
"name": null,
"org": "Google LLC",
"address": null,
"city": null,
"state": "CA",
"zipcode": null,
"country": "US"
}

Web App Attack Example:

PureBlood Web Attack Example
Web Application Attack Usage Example (DEMO)
Download Box