The Offensive Manual Web Application Penetration Testing Framework.





TIDoS is an offensive web application framework with a lot of modules. It helps with many penetration testing tasks, from performing recon to attacking a web application. It is built in Python and is a fully automated tool.

Installation :

> Go to https://github.com/0xInfection/TIDoS-Framework

1. git clone https://github.com/0xinfection/tidos-framework.git

Install the dependencies:

2. cd tidos-framework

3. chmod +x install

4. ./install

Getting Started :

TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.

To get started, you need to set your own API keys for the various OSINT and Scanning & Enumeration modules. To do so, open API_KEYS.py under the files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.

Finally, as the framework opens up, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it! It's as easy as that.

Follow the order of the tool (run it in a schematic way):

Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis

TIDoS Framework Features :

  • Reconnaissance + OSINT

Passive Reconnaissance:

  • Nping Enumeration: Via external API
  • WhoIS Lookup: Domain info gathering
  • GeoIP Lookup: Pinpoint physical location
  • DNS Configuration Lookup: DNSDump
  • Subdomains Lookup: Indexed ones
  • Reverse DNS Lookup: Host Instances
  • Reverse IP Lookup: Hosts on same server
  • Subnets Enumeration: Class Based
  • Domain IP History: IP Instances
  • Web Links Gatherer: Indexed ones
  • Google Search: Manual search
  • Google Dorking (multiple modules): Automated
  • Email to Domain Resolver: Email WhoIs
  • Wayback Machine Lookups: Find Backups
  • Breached Email Check: Pwned Email Accounts
  • Enumeration via Google Groups: Emails Only
  • Check Alias Availability: Social Networks
  • Find PasteBin Posts: Domain Based
  • LinkedIn Gathering: Employees & Company
  • Google Plus Gathering: Domain Profiles
  • Public Contact Info Scraping: FULL CONTACT
  • Censys Intel Gathering: Domain Based
  • Threat Intelligence Gathering: Bad IPs

Active Reconnaissance:

  • Ping Enumeration: Advanced
  • CMS Detection (185+ CMSs supported): IMPROVED
  • Advanced Traceroute: IMPROVED
  • robots.txt and sitemap.xml Checker
  • Grab HTTP Headers: Live Capture
  • Find HTTP Methods Allowed: via OPTIONS
  • Detect Server Type: IMPROVED
  • Examine SSL Certificate: Absolute
  • Apache Status Disclosure Checks: File Based
  • WebDAV HTTP Enumeration: PROPFIND & SEARCH
  • PHPInfo File Enumeration: via Bruteforce
  • Comments Scraper: Regex Based
  • Find Shared DNS Hosts: Name Server Based
  • Alternate Sites Discovery: User-Agent Based
  • Discover Interesting Files: via Bruteforce

Scanning & Enumeration

  • Remote Server WAF Enumeration: Generic 54 WAFs
  • Port Scanning: Ingenious Modules
  • Simple Port Scanner: via Socket Connections
  • TCP SYN Scan: Highly Reliable
  • TCP Connect Scan: Highly Reliable
  • XMAS Flag Scan: Reliable Only in LANs
  • FIN Flag Scan: Reliable Only in LANs
  • Port Service Detector

And much more…

Vulnerability Analysis

  • Web-Bugs & Server Misconfigurations
  • Insecure CORS: Absolute
  • Same-Site Scripting: Sub-domain based
  • Zone Transfer: DNS Server based
  • Clickjacking
  • Frame-Busting Checks
  • X-FRAME-OPTIONS Header Checks
  • Security on Cookies
  • HTTPOnly Flag
  • Secure Flag on Cookies
  • Cloudflare Misconfiguration Check
  • DNS Misconfiguration Checks
  • Online Database Lookup For Breaches
  • HTTP Strict Transport Security Usage
  • HTTPS Enabled but no HSTS
  • Domain Based Email Spoofing
  • Missing SPF Records
  • Missing DMARC Records
  • Host Header Injection
  • Port Based: Web Socket Based
  • X-Forwarded-For Header Injection
  • Security Headers Analysis: Live Capture
  • Cross-Site Tracing: HTTP TRACE Method
  • Session Fixation: via Cookie Injection
  • Network Security Misconfig.
  • Checks for TELNET Enabled: via Port 23
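
The clickjacking, cookie-flag and HSTS items in the list above can all be read off a single HTTP response. As an added example (not TIDoS code and not part of the original post), here is a defender-side audit of your own site's response headers; the function names and the sample headers are constructed for illustration.

```python
# Added example: audit response headers for clickjacking, HSTS and cookie flags.

def cookie_flags(set_cookie):
    """Return (cookie_name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_max_age(value):
    """Parse max-age from a Strict-Transport-Security value; None if absent."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None

def audit_response(scheme, headers):
    """headers: list of (name, value) pairs, since Set-Cookie may repeat."""
    def get(name):
        return [v for k, v in headers if k.lower() == name]
    findings = []
    # Clickjacking: need a valid X-Frame-Options or a CSP frame-ancestors rule.
    xfo = [v.strip().upper() for v in get("x-frame-options")]
    csp = ";".join(get("content-security-policy")).lower()
    if not any(v in ("DENY", "SAMEORIGIN") for v in xfo) and "frame-ancestors" not in csp:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")
    # HSTS: a missing header, an unparsable one, or max-age=0 all mean no policy.
    if scheme == "https":
        ages = [hsts_max_age(v) for v in get("strict-transport-security")]
        if not any(ages):
            findings.append("hsts: HTTPS enabled but no effective HSTS policy")
    # Cookies: every Set-Cookie line is checked on its own.
    for raw in get("set-cookie"):
        name, attrs = cookie_flags(raw)
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {name}: missing {flag} flag")
    return findings

# Constructed sample response (not captured from a real site).
SAMPLE = [
    ("X-Frame-Options", "ALLOWALL"),
    ("Strict-Transport-Security", "max-age=0"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for finding in audit_response("https", SAMPLE):
        print(finding)
```

An invalid X-Frame-Options value such as ALLOWALL and an HSTS header with max-age=0 are both reported, because neither gives the browser a policy to enforce.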

Serious Web Vulnerabilities :

  • File Inclusions
  • Local File Inclusion (LFI): Param based
  • Remote File Inclusion (RFI): IMPROVED
  • Parameter Based
  • Pre-loaded Path Based
  • OS Command Injection: Linux & Windows (RCE)
  • Path Traversal (Sensitive Paths)
  • Cross-Site Request Forgery: Absolute
  • SQL Injection
  • Error Based Injection
  • Cookie Value Based
  • Referer Value Based
  • User-Agent Value Based
  • Auto-gathering: IMPROVED
  • Blind Based Injection: Crafted Payloads
  • Cookie Value Based
  • Referer Value Based
  • User-Agent Value Based
  • Auto-gathering: IMPROVED
  • LDAP Injection: Parameter Based
  • HTML Injection: Parameter Based
  • Bash Command Injection: ShellShock
  • Apache Struts Shock: Apache RCE
  • XPATH Injection: Parameter Based
  • Cross-Site Scripting
  • Sub domain takeover

And this tool can do much more.

Installation : https://www.youtube.com/watch?v=5a_GFWeovYI

Liferacer333
