Pureblood Tool – web Application Penetration Testing

pureblood tool

Pureblood  Information Gathering and Security Auditing Tool

Pureblood is a Python tool that can be used during the information gathering and gaining access phases of penetration testing. Pureblood can collect useful information about target web applications, such as Banner grabbing, WHOIS record, DNS data, reverse DNS lookup, reverse IP lookup, CMS information, ports information, admin panel paths, subdomain scan results, subnet information, file and directory fuzzing, zone transfer lookup, Shodan search, and Shodan host lookup data. The security auditing features include SQL database injection and WordPress vulnerabilities analysis. Moreover, Pureblood can perform some miscellaneous tasks like generating defaced pages, random passwords, and message digests.

Information Collection about the target host is all about collecting or gathering the information of the internal structure of the target domain, which can help the testers perform a vulnerability assessment. Pureblood is an automated script that can be beneficial to penetration testers in the process of Information Gathering. Pureblood is a python language-based tool that serves itself in the Enumeration and the Exploitation phase. Pureblood can collect valuable information about targets like WHOIS Record data, DNS Data, Subdomains Information, DNS Lookup, Reverse DNS Lookup, IP Lookup, and many more. This information will make the tester more knowledgeable about the target domain. The tester can make his methodology and perform a penetration testing process by collecting this information and analyzing data.

Features of Pureblood Tool

  1. Pureblood tool can collect DNS Record data.
  2. Pureblood tool can perform Reverse DNS Lookup.
  3. Pureblood tool has some Attacking modules which can detect a vulnerability on the target domain.
  4. Pureblood is an open-source tool and free to use.
  5. Pureblood is a menu-driven script, which makes it easy to use.

Installation of Pureblood Tool on Kali Linux OS

Step 1:

Check whether Python Environment is Established or not, use the following command.

python3

Information Gathering and Security Auditing Tool

Step 2:

Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

 

 

Step 3:

You are on Desktop now create a new directory called PureBlood using the following command. In this directory, we will complete the installation of the PureBlood tool.

mkdir PureBlood

Information Gathering

Step 4:

Now switch to PureBlood directory using the following command.

cd PureBlood

 Security Auditing Tool

Step 5:

Now you have to install the tool. You have to clone the tool from Github.

sudo git clone https://github.com/cr4shcod3/pureblood

Information Gathering and Security Auditing Tool

Step 6:

The tool has been downloaded successfully in the PureBlood. Now list out the contents of the tool by using the below command.

ls

Information Gathering and Security

 

 

Step 7:

You can observe that there is a new directory created of the Pureblood tool that has been generated while we were installing the tool. Now move to that directory using the below command:

cd https-github.com-cr4scod3-pureblood

Security Auditing Tool

Step 8:

Once again to discover the contents of the tool, use the below command.

ls

Information Gathering and Security Auditing Tool

Step 9:

Download the required packages for the usage of Pureblood tool, us the following command.

pip3 install -r requirements.txt

Information Gathering and Security Auditing Tool

Step 10:

Run the pureblood.py script to open the menu of the Pureblood tool, use the following command.

python3 pureblood.py

Information Gathering and Security Auditing Tool

Working with Pureblood Tool on Kali Linux OS

Setting Target First

For a collection of information first of all we need to specify the target domain. So in the below Screenshot, we are setting up our target as https://geeksforgeeks.org.

Information Gathering and Security Auditing Tool

 

 

Example 1: Banner Grabbing

1. In this example, We will be performing the Banner Grabbing process on the target domain geeksforgeeks.org. We have selected the specified option.

Information Gathering and Security Auditing Tool

2. In the below Screenshot, We have got the results of the banner grabbing process in which the details of server, content-type, x-frame-options, etc information is retrieved.

Information Gathering and Security Auditing Tool

Example 2: Whois Data Record Lookup

1. In this Example, We will be performing  Whois Data Record Lookup on geeksforgeeks.org.

Information Gathering and Security Auditing Tool

2. In the below Screenshot, We have the Whois information about the geeksforgeeks.org target which includes registrar information, whois-server details, and much more information.

Information Gathering and Security Auditing Tool

Example 3: DNS Record

1. In this example, We will be collecting the information of DNS Record associated with our target geeksforgeeks.org

DNS Record

 

 

2. In the below Screenshot, we have got the DNS record data of geeksforgeeks.org. This will definitely help the testers of r better understanding about the target

DNS Record

Example 4: Admin Panel Scan

1. In this example, We will be performing Admin Panel Detection on geeksforgeeks.org. Admin Panel can be tested to gain the full control on the target domain

Admin Panel Scan

2. In the below Screenshot, We have got the link of Admin Panel of geeksforgeeks.org. We can test this Panel for Security Flaws.

Admin Panel Scan

Example 5: Reverse IP Lookup

1. In this Example, We will be performing Reverse IP Lookup on geeksforgeeks.org

Reverse IP Lookup

2. In the below Screenshot, Results of Reverse IP Lookup are displayed.

Reverse IP Lookup

Example 6: Extract Page Links

1. In this Example, We will be extracting the Web-pages which are associated with the target domain geeksforgeeks.org

Extract Page Links

2. In the below Screenshot, You can see that the Page links or the Web-pages which are associated to geeksforgeeks.org are displayed.

Extract Page Links

Conclusion

Pureblood can help red teamers during different stages of penetration testing. The tool gathers detailed information about target web applications. The tool can simulate SQL injection and WordPress attacks in details to identify the potential vulnerabilities and bugs in web applications.