TIDoS Framework is a comprehensive web application audit framework. let's keep this simple
The main highlights of this framework is:
- Basic first release (but huge).
- Has 4 main phases, subdivided into 13 sub-phases containing total of 91 modules.
- Reconnaissance Phase has 33 modules of its own (including active and passive reconnaissance, and information disclosure modules).
- Scanning & Enumeration Phase has got 26 modules (including port scans, WAF analysis, etc)
- Vulnerability Analysis Phase has 31 modules (including most common vulnerabilites in action.
- Exploits Castle has only 1 exploit.
(purely developemental) - All four phases each have a
Auto-Awesomemodule which automates every module for you. - You just need the domain, and leave everything is to this tool.
- TIDoS has full verbose out support, so you'll know whats going on behind.
- Fully user friendly interaction environment.
(no shits)
- Clone the repository locally and navigate there:
git clone https://github.com/theinfecteddrake/tidos.git
cd tidos
- Install the dependencies:
chmod +x install
./install
Thats it! Now you are good to go! Now lets run the tool:
tidos
TIDoS is made to be comprehensive. It is a highly flexible framework where you just have to select and use modules.
As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. Thats it! Its as easy as that.
Recommended:
Follow the order of the tool (Run in a schematic way).
Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis
To update this tool, use tidos_updater.py module under tools/ folder.
TIDoS Framework presently supports the following:
-
Reconnaissance + OSINT
-
Passive Reconnaissance:
- Nping Enumeration
Via external APi - WhoIS Lookup
Domain info gathering - GeoIP Lookup
Pinpoint physical location - DNS Configuration Lookup
DNSDump - Subdomains Lookup
Indexed ones - Reverse DNS Configuration Lookup
- Reverse IP Lookup
Hosts on same server - Web Links Gatherer
Indexed ones - Google Search
Manual search - Google Dorking (multiple modules)
Automated - Email to Domain Resolver
Email WhoIs - Wayback Machine Lookups
Find Backups - Breached Email Check
Pwned Email Accounts - Enumeration via Google Groups
- Check Alias Availability
Social Networks - Find PasteBin Posts
Domain Based - LinkedIn Gathering
Employees & Company
- Nping Enumeration
-
Active Reconnaissance
- Ping enumeration
Advanced - CMS Detection
(185+ CMSs supported) - Advanced Traceroute
IMPROVED - Grab HTTP Headers
Live Capture - Detect Server
IMPROVED - Examine SSL Certificate
Absolute robots.txtandsitemap.xmlChecker- Subnets Enumeration
Class Based - Find Shared DNS Hosts
Name Server Based - Operating System Fingerprinting
IMPROVED
- Ping enumeration
-
Information Disclosure
- Credit Cards Disclosure
If Plaintext - Email Harvester
IMPROVED - Fatal Errors Enumeration
Includes Full Path Disclosure - Internal IP Disclosure
Signature Based - Phone Number Havester
Signature Based - Social Security Number Harvester
US Ones
- Credit Cards Disclosure
-
-
Scanning & Enumeration
- Remote Server WAF Analysis
- Port Scanning
Ingenious Modules- Simple Port Scanner
via Socket Connections - TCP SYN Scan
Highly reliable - TCP Connect Scan
Highly Reliable - XMAS Flag Scan
Reliable Only in LANs - Fin Flag Scan
Reliable Only in LANs - Port Service Detector
- Simple Port Scanner
- Web Technology Enumeration
Absolute - Interactive Scanning with NMap
16 preloaded modules - Crawlers
- Depth 1
- Depth 2
IMPROVED
-
Vulnerability Analysis
Web-Bugs & Server Misconfigurations
- Insecure CORS
Absolute - Same-Site Scripting
Sub-domain based - Zone Transfer
DNS Server based - Clickjacking
Framable response based - Security on Cookies
HTTPOnly/Secure Flags - Cloudflare Misconfiguration Check
+ Getting Real IP - HTTP High Transport Security Usage
- Spoofable Email
Missing SPF and DMARC Records - Security Headers Analysis
Live Capture - Cross-Site Tracing
Port Based - Network Security Misconfig.
Telnet Enabled
Serious Web Vulnerabilities
- File Intrusions
- Local File Intrusion (LFI)
Param based - Remote File Inclusion (RFI)
- Parameter Based
- Pre-loaded Path Based
- Local File Intrusion (LFI)
- OS Command Injection
Linux & Windows (RCE) - Path Traversal
(Sensitive Paths) - Cross-Site Request Forgery
Absolute - SQL Injection
- Cookie Value Based
- Referer Value Based
- User-Agent Value Based
- Auto-gathering
IMPROVED - Parameter Based
Manual
- Host Header Injection
port based - Bash Command Injection
Shellshock - Cross-Site Scripting
beta- Cookie Value Based
- Referer Value Based
- User-Agent Value Based
- Parameter Value Based
Manual
- Unvalidated URL Forwards
Open Redirect - CRLF Injection and HTTP Response Splitting
- User-Agent Value Based
- Parameter value Based
Manual
Auxillaries
-
Protocol Credential Bruteforce
- FTP Bruteforce
- SSH Bruteforce
- POP 2/3 Bruteforce
- SQL Bruteforce
- XMPP Bruteforce
- SMTP Bruteforce
- TELNET Bruteforce
-
String & Payload Encoder
- URL Encode
- Base64 Encode
- HTML Encode
- Plain ASCII Encode
- Hex Encode
- Octal Encode
- Binary Encode
- GZip Encode
- Insecure CORS
-
Exploitation
purely developmental- ShellShock
There are some bruteforce modules to be added:
- Common Backups
- Common Password Locations
- Common Dot files
(eg. .htaccess) - Interesting Directories
- Interesting Filepaths
- Lots more of OSINT
This version of TIDoS is purely developmental beta. There are bugs in resolving the [99] Back at various end-points which results in blind fall-backs. Also TIDoS needs to develop more on logging all info displayed on the screen (help needed).
Put this project on a watch, since it is updated frequently (you can take a look at past commits history). This project is one of the best frameworks I have ever built and I would really like your constructive criticism, suggestions and help in converting this project into the best web penetration testing framework ever built and trust me, it will be ;).
Thank you,
@_tID | CodeSploit
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent