TIDoS is an offensive web application framework with a lot of modules. It helps with many penetration testing tasks, from performing recon to attacking a web application. It is built in Python and is a fully automated tool.
Installation:
1. Go to https://github.com/0xInfection/TIDoS-Framework
Install the dependencies:
2. cd tidos-framework
3. chmod +x install
4. ./install

Getting Started:
TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.
To get started, you need to set your own API keys for the various OSINT, scanning and enumeration modules. To do so, open API_KEYS.py under the files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.
Finally, when the framework opens, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it! It's as easy as that.
Follow the order of the tool (Run in a schematic way).
Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis
Tidos-Framework Features :
- Reconnaissance + OSINT
Passive Reconnaissance:
- Nping Enumeration Via external API
- WhoIS Lookup Domain info gathering
- GeoIP Lookup Pinpoint physical location
- DNS Configuration Lookup DNSDump
- Subdomains Lookup Indexed ones
- Reverse DNS Lookup Host Instances
- Reverse IP Lookup Hosts on same server
- Subnets Enumeration Class Based
- Domain IP History IP Instances
- Web Links Gatherer Indexed ones
- Google Search Manual search
- Google Dorking (multiple modules) Automated
- Email to Domain Resolver Email WhoIs
- Wayback Machine Lookups Find Backups
- Breached Email Check Pwned Email Accounts
- Enumeration via Google Groups Emails Only
- Check Alias Availability Social Networks
- Find PasteBin Posts Domain Based
- LinkedIn Gathering Employees & Company
- Google Plus Gathering Domain Profiles
- Public Contact Info Scraping FULL CONTACT
- Censys Intel Gathering Domain Based
- Threat Intelligence Gathering Bad IPs
Active Reconnaissance:
- Ping Enumeration Advanced
- CMS Detection (185+ CMSs supported) IMPROVED
- Advanced Traceroute IMPROVED
- robots.txt and sitemap.xml Checker
- Grab HTTP Headers Live Capture
- Find HTTP Methods Allowed via OPTIONS
- Detect Server Type IMPROVED
- Examine SSL Certificate Absolute
- Apache Status Disclosure Checks File Based
- WebDAV HTTP Enumeration PROPFIND & SEARCH
- PHPInfo File Enumeration via Bruteforce
- Comments Scraper Regex Based
- Find Shared DNS Hosts Name Server Based
- Alternate Sites Discovery User-Agent Based
- Discover Interesting Files via Bruteforce
Scanning & Enumeration
- Remote Server WAF Enumeration Generic 54 WAFs
- Port Scanning Ingenious Modules
- Simple Port Scanner via Socket Connections
- TCP SYN Scan Highly reliable
- TCP Connect Scan Highly Reliable
- XMAS Flag Scan Reliable Only in LANs
- FIN Flag Scan Reliable Only in LANs
- Port Service Detector
And much more…
Vulnerability Analysis
- Web-Bugs & Server Misconfigurations
- Insecure CORS Absolute
- Same-Site Scripting Sub-domain based
- Zone Transfer DNS Server based
- Clickjacking
- Frame-Busting Checks
- X-FRAME-OPTIONS Header Checks
- Security on Cookies
- HTTPOnly Flag
- Secure Flag on Cookies
- Cloudflare Misconfiguration Check
- DNS Misconfiguration Checks
- Online Database Lookup For Breaches
- HTTP Strict Transport Security Usage
- HTTPS Enabled but no HSTS
- Domain Based Email Spoofing
- Missing SPF Records
- Missing DMARC Records
- Host Header Injection
- Port Based Web Socket Based
- X-Forwarded-For Header Injection
- Security Headers Analysis Live Capture
- Cross-Site Tracing HTTP TRACE Method
- Session Fixation via Cookie Injection
- Network Security Misconfig.
- Checks for TELNET Enabled via Port 23
Serious Web Vulnerabilities :
- File Inclusions
- Local File Inclusion (LFI) Param based
- Remote File Inclusion (RFI) IMPROVED
- Parameter Based
- Pre-loaded Path Based
- OS Command Injection Linux & Windows (RCE)
- Path Traversal (Sensitive Paths)
- Cross-Site Request Forgery Absolute
- SQL Injection
- Error Based Injection
- Cookie Value Based
- Referer Value Based
- User-Agent Value Based
- Auto-gathering IMPROVED
- Blind Based Injection Crafted Payloads
- Cookie Value Based
- Referer Value Based
- User-Agent Value Based
- Auto-gathering IMPROVED
- LDAP Injection Parameter Based
- HTML Injection Parameter Based
- Bash Command Injection ShellShock
- Apache Struts Shock Apache RCE
- XPATH Injection Parameter Based
- Cross-Site Scripting
- Sub domain takeover

And this tool can do much more.
Installation: https://www.youtube.com/watch?v=5a_GFWeovYI