![Penetration Testing Framework – Pure Blood [v2.0]](https://cdn.cyberpunk.rs/wp-content/uploads/2018/12/pureblood_bg.jpg "Penetration Testing Framework – Pure Blood [v2.0]")
Introduction
Pure Blood is a Penetration Testing Framework intended for all hackers, pentesters, bug hunters and those that wants to get involved in pentesting and cybersecurity area. It’s simple tool, created for everyone who need help for daily pentesting tasks, such as information gathering (Whois, DNS Lookup, Reverse DNS Lookup, etc), vulnerability analysis, etc.
Penetration testing, also known as pentesting or ethical hacking, is the practice of testing a computer system, network/web application to find security vulnerabilities that an evil user (attacker) could exploit. Penetration testing can be automated with software apps/ programms, penetration testing frameworks or performed manually.
Pure Blood v2: A Penetration Testing Framework created for Hackers
This penetration testing tool is tested on Windows and Kali Linux, but should work on any Linux distro and OS X.
Features
Web Pentest/Information Gathering
- Banner Grab
- Whois
- Traceroute
- DNS Record
- Reverse DNS Lookup
- Zone Transfer Lookup
- Port Scan
- Admin Panel Scan
- Subdomain Scan
- CMS Identify
- Reverse IP Lookup
- Subnet Lookup
- Extract Page Links
- Directory Fuzz
- File Fuzz
- Shodan Search
- Shodan Host Lookup
Web Application Attack:
- WordPress (WPScan, WPScan Bruteforce, WordPress Plugin Vulnerability Checker)
- Auto SQL Injection
Generator:
- Deface Page
- Password Generator
- Text To Hash
Requirements:
- Python v2/3
- All from
requrements.txtfile: (colorama,requests,python-whois,dnspython,bs4,shodan)
Modules can also be installed independently.
Install
Clone it form the Pure Blood GitHub repo:
$ git clone https://github.com/cr4shcod3/pureblood
Then navigate to the Pure Blood directory and install modules (requirements.txt):
$ cd pureblood
$ pip3 install -r requirements.tx
Usage
To start Pure Blood, run:
$ python3 pureblood.py
██▓███ █ ██ ██▀███ ▓█████ ▄▄▄▄ ██▓ ▒█████ ▒█████ ▓█████▄
▓██░ ██▒ ██ ▓██▒▓██ ▒ ██▒▓█ ▀ ▓█████▄ ▓██▒ ▒██▒ ██▒▒██▒ ██▒▒██▀ ██▌
▓██░ ██▓▒▓██ ▒██░▓██ ░▄█ ▒▒███ ▒██▒ ▄██▒██░ ▒██░ ██▒▒██░ ██▒░██ █▌
▒██▄█▓▒ ▒▓▓█ ░██░▒██▀▀█▄ ▒▓█ ▄ ▒██░█▀ ▒██░ ▒██ ██░▒██ ██░░▓█▄ ▌
▒██▒ ░ ░▒▒█████▓ ░██▓ ▒██▒░▒████▒░▓█ ▀█▓░██████▒░ ████▓▒░░ ████▓▒░░▒████▓
▒▓▒░ ░ ░░▒▓▒ ▒ ▒ ░ ▒▓ ░▒▓░░░ ▒░ ░░▒▓███▀▒░ ▒░▓ ░░ ▒░▒░▒░ ░ ▒░▒░▒░ ▒▒▓ ▒
░▒ ░ ░░▒░ ░ ░ ░▒ ░ ▒░ ░ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ▒ ▒░ ░ ▒ ▒░ ░ ▒ ▒
░░ ░░░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ▒ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░
--=[ Author: Cr4sHCoD3 ]=--
| -- --=[ Version: 2 ]=-- -- |
| -- --=[ Website: https://github.com/cr4shcod3 ]=-- -- |
| -- --=[ PureHackers ~ Blood Security Hackers ]=-- -- |
[ PureBlood Menu ]
01) Web Pentest / Information Gathering
02) Web Application Attack
03) Generator
99) Exit
PureBlood>
Usage is very simple. Just choose an option, pick the target and follow the instructions.
Web Pentest/Information Gathering Example:
Choose Web Pentest from menu:
PureBlood> 1
[ Web Pentest ]
01) Banner Grab
02) Whois
03) Traceroute
04) DNS Record
05) Reverse DNS Lookup
06) Zone Transfer Lookup
07) Port Scan
08) Admin Panel Scan
09) Subdomain Scan
10) CMS Identify
11) Reverse IP Lookup
12) Subnet Lookup
13) Extract Page Links
14) Directory Fuzz
15) File Fuzz
16) Shodan Search
17) Shodan Host Lookup
90) Back To Menu
95) Set Target
99) Exit
PureBlood (WebPentest)>
Then select one of the options, and set the target:
PureBlood (WebPentest)> 2
PureBlood(WebPentest)> 95
[#] - Please don't put "/" in the end of the Target.
PureBlood>WebPentest>(Target)> www.google.com
Result:
"domain_name": [
"GOOGLE.COM",
"google.com"
],
"registrar": "MarkMonitor, Inc.",
"whois_server": "whois.markmonitor.com",
"referral_url": null,
"updated_date": [
"2018-02-21 18:36:40",
"2018-02-21 10:45:07"
],
"creation_date": [
"1997-09-15 04:00:00",
"1997-09-15 00:00:00"
],
"expiration_date": [
"2020-09-14 04:00:00",
"2020-09-13 21:00:00"
],
"name_servers": [
"NS1.GOOGLE.COM",
"NS2.GOOGLE.COM",
"NS3.GOOGLE.COM",
"NS4.GOOGLE.COM",
"ns4.google.com",
"ns2.google.com",
"ns1.google.com",
"ns3.google.com"
],
"status": [
"clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
"clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
"clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited",
"serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited",
"serverTransferProhibited https://icann.org/epp#serverTransferProhibited",
"serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited",
"clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)",
"clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)",
"clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)",
"serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)",
"serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)",
"serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)"
],
"emails": [
"abusecomplaints@markmonitor.com",
"whoisrelay@markmonitor.com"
],
"dnssec": "unsigned",
"name": null,
"org": "Google LLC",
"address": null,
"city": null,
"state": "CA",
"zipcode": null,
"country": "US"
}
Web App Attack Example:
