Pureblood Information Gathering and Security Auditing Tool
Pureblood is a Python tool that can be used during the information gathering and gaining access phases of penetration testing. Pureblood can collect useful information about target web applications, such as Banner grabbing, WHOIS record, DNS data, reverse DNS lookup, reverse IP lookup, CMS information, ports information, admin panel paths, subdomain scan results, subnet information, file and directory fuzzing, zone transfer lookup, Shodan search, and Shodan host lookup data. The security auditing features include SQL database injection and WordPress vulnerabilities analysis. Moreover, Pureblood can perform some miscellaneous tasks like generating defaced pages, random passwords, and message digests.
Information Collection about the target host is all about collecting or gathering the information of the internal structure of the target domain, which can help the testers perform a vulnerability assessment. Pureblood is an automated script that can be beneficial to penetration testers in the process of Information Gathering. Pureblood is a python language-based tool that serves itself in the Enumeration and the Exploitation phase. Pureblood can collect valuable information about targets like WHOIS Record data, DNS Data, Subdomains Information, DNS Lookup, Reverse DNS Lookup, IP Lookup, and many more. This information will make the tester more knowledgeable about the target domain. The tester can make his methodology and perform a penetration testing process by collecting this information and analyzing data.
- How to Hack WiFi Password from Android Smartphone
- Super Stealthy Backdoor Spreads To Hit Hundreds Of Thousands Of Web Users
Features of Pureblood Tool
- Pureblood tool can collect DNS Record data.
- Pureblood tool can perform Reverse DNS Lookup.
- Pureblood tool has some Attacking modules which can detect a vulnerability on the target domain.
- Pureblood is an open-source tool and free to use.
- Pureblood is a menu-driven script, which makes it easy to use.
Installation of Pureblood Tool on Kali Linux OS
Step 1:
Check whether Python Environment is Established or not, use the following command.
python3
Step 2:
Open up your Kali Linux terminal and move to Desktop using the following command.
cd Desktop
Step 3:
You are on Desktop now create a new directory called PureBlood using the following command. In this directory, we will complete the installation of the PureBlood tool.
mkdir PureBlood
Step 4:
Now switch to PureBlood directory using the following command.
cd PureBlood
Step 5:
Now you have to install the tool. You have to clone the tool from Github.
sudo git clone https://github.com/cr4shcod3/pureblood
Step 6:
The tool has been downloaded successfully in the PureBlood. Now list out the contents of the tool by using the below command.
ls
Step 7:
You can observe that there is a new directory created of the Pureblood tool that has been generated while we were installing the tool. Now move to that directory using the below command:
cd https-github.com-cr4scod3-pureblood
Step 8:
Once again to discover the contents of the tool, use the below command.
ls
Step 9:
Download the required packages for the usage of Pureblood tool, us the following command.
pip3 install -r requirements.txt
Step 10:
Run the pureblood.py script to open the menu of the Pureblood tool, use the following command.
python3 pureblood.py
Working with Pureblood Tool on Kali Linux OS
Setting Target First
For a collection of information first of all we need to specify the target domain. So in the below Screenshot, we are setting up our target as https://geeksforgeeks.org.
Example 1: Banner Grabbing
1. In this example, We will be performing the Banner Grabbing process on the target domain geeksforgeeks.org. We have selected the specified option.
2. In the below Screenshot, We have got the results of the banner grabbing process in which the details of server, content-type, x-frame-options, etc information is retrieved.
Example 2: Whois Data Record Lookup
1. In this Example, We will be performing Whois Data Record Lookup on geeksforgeeks.org.
2. In the below Screenshot, We have the Whois information about the geeksforgeeks.org target which includes registrar information, whois-server details, and much more information.
Example 3: DNS Record
1. In this example, We will be collecting the information of DNS Record associated with our target geeksforgeeks.org
2. In the below Screenshot, we have got the DNS record data of geeksforgeeks.org. This will definitely help the testers of r better understanding about the target
Example 4: Admin Panel Scan
1. In this example, We will be performing Admin Panel Detection on geeksforgeeks.org. Admin Panel can be tested to gain the full control on the target domain
2. In the below Screenshot, We have got the link of Admin Panel of geeksforgeeks.org. We can test this Panel for Security Flaws.
Example 5: Reverse IP Lookup
1. In this Example, We will be performing Reverse IP Lookup on geeksforgeeks.org
2. In the below Screenshot, Results of Reverse IP Lookup are displayed.
Example 6: Extract Page Links
1. In this Example, We will be extracting the Web-pages which are associated with the target domain geeksforgeeks.org
2. In the below Screenshot, You can see that the Page links or the Web-pages which are associated to geeksforgeeks.org are displayed.
Conclusion
Pureblood can help red teamers during different stages of penetration testing. The tool gathers detailed information about target web applications. The tool can simulate SQL injection and WordPress attacks in details to identify the potential vulnerabilities and bugs in web applications.