TIDoS Framework is a comprehensive web application audit framework. Let's keep this simple.
The main highlights of this framework are:
- Basic first release (but huge).
- Has 4 main phases, subdivided into 13 sub-phases containing a total of 91 modules.
- Reconnaissance Phase has 33 modules of its own (including active and passive reconnaissance, and information disclosure modules).
- Scanning & Enumeration Phase has 26 modules (including port scans, WAF analysis, etc.).
- Vulnerability Analysis Phase has 31 modules (including most common vulnerabilities in action).
- Exploits Castle has only 1 exploit (purely developmental).
- All four phases each have an Auto-Awesome module which automates every module for you.
- You just need the domain, and leave everything else to this tool.
- TIDoS has full verbose output support, so you'll know what's going on behind the scenes.
- Fully user-friendly interaction environment (no shits).
- Clone the repository locally and navigate there:
git clone https://github.com/theinfecteddrake/tidos.git
cd tidos
- Install the dependencies:
chmod +x install
./install
That's it! Now you are good to go! Now let's run the tool:
tidos
TIDoS is made to be comprehensive. It is a highly flexible framework where you just have to select and use modules.
As the framework opens up, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it! It's as easy as that.
Recommended:
Follow the order of the tool (Run in a schematic way).
Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis
To update this tool, use the tidos_updater.py module under the tools/ folder.
TIDoS Framework presently supports the following:
- Reconnaissance + OSINT
  - Passive Reconnaissance:
    - Nping Enumeration (via external API)
    - WhoIS Lookup (Domain info gathering)
    - GeoIP Lookup (Pinpoint physical location)
    - DNS Configuration Lookup (DNSDump)
    - Subdomains Lookup (Indexed ones)
    - Reverse DNS Configuration Lookup
    - Reverse IP Lookup (Hosts on same server)
    - Web Links Gatherer (Indexed ones)
    - Google Search (Manual search)
    - Google Dorking (multiple modules; Automated)
    - Email to Domain Resolver (Email WhoIs)
    - Wayback Machine Lookups (Find Backups)
    - Breached Email Check (Pwned Email Accounts)
    - Enumeration via Google Groups
    - Check Alias Availability (Social Networks)
    - Find PasteBin Posts (Domain Based)
    - LinkedIn Gathering (Employees & Company)
  - Active Reconnaissance
    - Ping enumeration (Advanced)
    - CMS Detection (185+ CMSs supported)
    - Advanced Traceroute (IMPROVED)
    - Grab HTTP Headers (Live Capture)
    - Detect Server (IMPROVED)
    - Examine SSL Certificate (Absolute)
    - robots.txt and sitemap.xml Checker
    - Subnets Enumeration (Class Based)
    - Find Shared DNS Hosts (Name Server Based)
    - Operating System Fingerprinting (IMPROVED)
  - Information Disclosure
    - Credit Cards Disclosure (If Plaintext)
    - Email Harvester (IMPROVED)
    - Fatal Errors Enumeration (Includes Full Path Disclosure)
    - Internal IP Disclosure (Signature Based)
    - Phone Number Harvester (Signature Based)
    - Social Security Number Harvester (US Ones)
- Scanning & Enumeration
  - Remote Server WAF Analysis
  - Port Scanning (Ingenious Modules)
    - Simple Port Scanner (via Socket Connections)
    - TCP SYN Scan (Highly reliable)
    - TCP Connect Scan (Highly Reliable)
    - XMAS Flag Scan (Reliable Only in LANs)
    - Fin Flag Scan (Reliable Only in LANs)
    - Port Service Detector
  - Web Technology Enumeration (Absolute)
  - Interactive Scanning with NMap (16 preloaded modules)
  - Crawlers
    - Depth 1
    - Depth 2 (IMPROVED)
- Vulnerability Analysis
  - Web-Bugs & Server Misconfigurations
    - Insecure CORS (Absolute)
    - Same-Site Scripting (Sub-domain based)
    - Zone Transfer (DNS Server based)
    - Clickjacking (Framable response based)
    - Security on Cookies (HTTPOnly/Secure Flags)
    - Cloudflare Misconfiguration Check (+ Getting Real IP)
    - HTTP High Transport Security Usage
    - Spoofable Email (Missing SPF and DMARC Records)
    - Security Headers Analysis (Live Capture)
    - Cross-Site Tracing (Port Based)
    - Network Security Misconfig. (Telnet Enabled)
  - Serious Web Vulnerabilities
    - File Intrusions
      - Local File Intrusion (LFI) (Param based)
      - Remote File Inclusion (RFI)
        - Parameter Based
        - Pre-loaded Path Based
    - OS Command Injection (Linux & Windows (RCE))
    - Path Traversal (Sensitive Paths)
    - Cross-Site Request Forgery (Absolute)
    - SQL Injection
      - Cookie Value Based
      - Referer Value Based
      - User-Agent Value Based
      - Auto-gathering (IMPROVED)
      - Parameter Based (Manual)
    - Host Header Injection (port based)
    - Bash Command Injection (Shellshock)
    - Cross-Site Scripting (beta)
      - Cookie Value Based
      - Referer Value Based
      - User-Agent Value Based
      - Parameter Value Based (Manual)
    - Unvalidated URL Forwards (Open Redirect)
    - CRLF Injection and HTTP Response Splitting
      - User-Agent Value Based
      - Parameter value Based (Manual)
  - Auxiliaries
    - Protocol Credential Bruteforce
      - FTP Bruteforce
      - SSH Bruteforce
      - POP 2/3 Bruteforce
      - SQL Bruteforce
      - XMPP Bruteforce
      - SMTP Bruteforce
      - TELNET Bruteforce
    - String & Payload Encoder
      - URL Encode
      - Base64 Encode
      - HTML Encode
      - Plain ASCII Encode
      - Hex Encode
      - Octal Encode
      - Binary Encode
      - GZip Encode
- Exploitation (purely developmental)
  - ShellShock
There are some bruteforce modules to be added:
- Common Backups
- Common Password Locations
- Common Dot files (e.g. .htaccess)
- Interesting Directories
- Interesting Filepaths
- Lots more of OSINT
This version of TIDoS is purely developmental beta. There are bugs in resolving the [99] Back at various end-points which result in blind fall-backs. Also, TIDoS needs to develop more on logging all info displayed on the screen (help needed).
Put this project on a watch, since it is updated frequently (you can take a look at the past commit history). This project is one of the best frameworks I have ever built and I would really like your constructive criticism, suggestions and help in converting this project into the best web penetration testing framework ever built, and trust me, it will be ;)
Thank you,
@_tID | CodeSploit