In this article, we are going to learn about a tool called Pureblood created by ChesZy2810. Pureblood is a Web Penetration Testing Framework written in Python.
About
Pureblood can perform web application penetration testing and web application attacks. Web application penetration testing includes:
Web Pentest / Information Gathering:
- Banner Grab
- Whois
- Traceroute
- DNS Record
- Reverse DNS Lookup
- Zone Transfer Lookup
- Port Scan
- Admin Panel Scan
- Subdomain Scan
- CMS Identify
- Reverse IP Lookup
- Subnet Lookup
- Extract Page Links
- Directory Fuzz (NEW)
- File Fuzz (NEW)
- Shodan Search (NEW)
- Shodan Host Lookup (NEW)
All of the above can be used during web application reconnaissance or information gathering.
The framework also provides a list of web application attacks.
Web Application Attack: (NEW)
- WordPress
  | WPScan
  | WPScan Bruteforce
  | WordPress Plugin Vulnerability Checker
    Features: // I will add more soon.
    | WordPress Woocommerce – Directory Traversal
    | WordPress Plugin Booking Calendar 3.0.0 – SQL Injection / Cross-Site Scripting
    | WordPress Plugin WP with Spritz 1.0 – Remote File Inclusion
    | WordPress Plugin Events Calendar – ‘event_id’ SQL Injection
- Auto SQL Injection
  Features:
  | Union Based
  | (Error Output = False) Detection
  | Tested on 100+ Websites
You can test WordPress websites for the above vulnerabilities.
The framework contains 3 types of generators:
- Deface Page
- Password Generator // NEW
- Text To Hash // NEW
How to Install
It can be installed on any device that has Python installed.
$ git clone https://github.com/cr4shcod3/pureblood
$ cd pureblood
$ pip install -r requirements.txt
You can run the program by typing:
$ python pureblood.py
OFFICIAL GITHUB – https://github.com/ChesZy2810/https-github.com-cr4shcod3-pureblood