TIDoS-Framework-
The Offensive Manual Web Application Penetration Testing Framework
Disclaimer-
TIDoS is provided as an offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilities in web applications which could possibly be exploited maliciously.
THEREFORE, NEITHER THE AUTHOR NOR THE CONTRIBUTORS ARE EXCLUSIVELY RESPONSIBLE FOR ANY MISUSE OR DAMAGE DUE TO THIS TOOLKIT.
Here is some light on what the framework is all about:
A complete versatile framework to cover everything from Reconnaissance to Vulnerability Analysis.
Has 5 main phases, subdivided into 14 sub-phases consisting of a total of 108 modules.
Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc.).
Vulnerability Analysis Phase has 37 modules (including most common vulnerabilities in action).
Exploits Castle has only 1 exploit. (Purely developmental)
And finally, Auxiliaries have got 4 modules. More under development.
All four phases each have an Auto-Awesome module which automates every module for you.
You just need the domain, and leave everything else to this tool.
TIDoS has full verbose output support, so you'll know what's going on.
Fully user friendly interaction environment. (no shits)
Installation:-
Global Installation:
NOTE- Presently, for installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python 2 to Python 3 is already underway.
Clone the repository locally and navigate there:
git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework
Install the dependencies:
chmod +x install
./install
Manual Installation (Locally):
TIDoS needs some libraries to run, which can be installed via the aptitude or yum package managers.
sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python-pip default-libmysqlclient-dev python-xmpp
Once these dependencies have finished installing, install the remaining Python package dependencies:
pip2 install -r requirements.txt
That's it. You now have TIDoS at your service. Fire it up using:
python2 tidos.py
Getting Started:-
TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.
So to get started, you need to set your own API KEYS for various OSINT & Scanning and Enumeration purposes. To do so, open up API_KEYS.py under files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.
GOOD NEWS:
The latest release of TIDoS includes all API KEYS and ACCESS TOKENS for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS by default. I found these tokens on various repositories on GitHub itself. You can now use all the modules which use the API KEYS. :)
Finally, as the framework opens up, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it, it's as easy as that.
Recommended:
Follow the order of the tool (Run in a schematic way).
Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis
To update this tool, use the tidos_updater.py module under the tools/ folder.
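The key file described above is an ordinary tracked Python file, so any literal placed in it travels with every clone and fork. As an added example (not part of TIDoS or the original page), this Python 3 check parses such a file and reports string literals bound to key-like names; the variable names and values in the sample are constructed assumptions, not the real contents of files/API_KEYS.py.

```python
import ast
import math
import re

# Names that usually hold credentials (assumed convention, not TIDoS's real names).
SECRET_NAME = re.compile(r"(key|token|secret|passw|uid)", re.I)
PLACEHOLDERS = {"", "changeme", "your_key_here"}


def shannon_entropy(s):
    """Bits per character; random API keys score well above ordinary words."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_hardcoded_keys(source, min_entropy=3.0):
    """Return (line, name, reason) for string literals bound to secret-like names."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue  # environment lookups and other calls are not literals
        literal = value.value.strip()
        if literal.lower() in PLACEHOLDERS:
            continue
        strong = shannon_entropy(literal) >= min_entropy
        reason = "high-entropy literal" if strong else "literal value"
        for target in node.targets:
            if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                findings.append((node.lineno, target.id, reason))
    return findings


# Constructed sample shaped like a keys file; every value is made up.
SAMPLE = '''
import os
SHODAN_API_KEY = "q8Zr2LmX0vT4bN7cJ1hY5wK9dF3sG6aP"
CENSYS_UID = ""
CENSYS_SECRET = os.environ.get("CENSYS_SECRET", "")
GOOGLE_API_KEY = "your_key_here"
WHATCMS_ACCESS_TOKEN = "testtest"
BANNER = "TIDoS"
'''

if __name__ == "__main__":
    for line, name, reason in find_hardcoded_keys(SAMPLE):
        print(f"line {line}: {name} holds a {reason}")
```

Run against a real file by passing its text to find_hardcoded_keys, for instance from a pre-commit hook that fails when the list is non-empty.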
Flawless Features:-
TIDoS Framework presently supports the following, and more modules are under active development:
Reconnaissance + OSINT
Passive Reconnaissance:
  Nping Enumeration - Via external API
  WhoIS Lookup - Domain info gathering
  GeoIP Lookup - Pinpoint physical location
  DNS Configuration Lookup - DNSDump
  Subdomains Lookup - Indexed ones
  Reverse DNS Lookup - Host Instances
  Reverse IP Lookup - Hosts on same server
  Subnets Enumeration - Class Based
  Domain IP History - IP Instances
  Web Links Gatherer - Indexed ones
  Google Search - Manual search
  Google Dorking (multiple modules) - Automated
  Email to Domain Resolver - Email WhoIs
  Wayback Machine Lookups - Find Backups
  Breached Email Check - Pwned Email Accounts
  Enumeration via Google Groups - Emails Only
  Check Alias Availability - Social Networks
  Find PasteBin Posts - Domain Based
  LinkedIn Gathering - Employees & Company
  Google Plus Gathering - Domain Profiles
  Public Contact Info Scraping - FULL CONTACT
  Censys Intel Gathering - Domain Based
  Threat Intelligence Gathering - Bad IPs
Active Reconnaissance
  Ping Enumeration - Advanced
  CMS Detection (185+ CMSs supported) - IMPROVED
  Advanced Traceroute - IMPROVED
  robots.txt and sitemap.xml Checker
  Grab HTTP Headers - Live Capture
  Find HTTP Methods Allowed - via OPTIONS
  Detect Server Type - IMPROVED
  Examine SSL Certificate - Absolute
  Apache Status Disclosure Checks - File Based
  WebDAV HTTP Enumeration - PROPFIND & SEARCH
  PHPInfo File Enumeration - via Bruteforce
  Comments Scraper - Regex Based
  Find Shared DNS Hosts - Name Server Based
  Alternate Sites Discovery - User-Agent Based
  Discover Interesting Files - via Bruteforce
    Common Backdoor Locations - shells, etc.
    Common Backup Locations - .bak, .db, etc.
    Common Password Locations - .pgp, .skr, etc.
    Common Proxy Path Configs. - .pac, etc.
    Multiple Index Paths - index, index1, etc.
    Common Dot Files - .htaccess, .apache, etc.
    Common Logfile Locations - .log, .changelog, etc.
Information Disclosure
  Credit Cards Disclosure - If Plaintext
  Email Harvester - IMPROVED
  Fatal Errors Enumeration - Includes Full Path Disclosure
  Internal IP Disclosure - Signature Based
  Phone Number Harvester - Signature Based
  Social Security Number Harvester - US Ones
Scanning & Enumeration
  Remote Server WAF Enumeration - Generic, 54 WAFs
  Port Scanning - Ingenious Modules
    Simple Port Scanner - via Socket Connections
    TCP SYN Scan - Highly Reliable
    TCP Connect Scan - Highly Reliable
    XMAS Flag Scan - Reliable Only in LANs
    FIN Flag Scan - Reliable Only in LANs
    Port Service Detector
  Web Technology Enumeration - Absolute
  Complete SSL Enumeration - Absolute
  Operating System Fingerprinting - IMPROVED
  Banner Grabbing of Services - via Open Ports
  Interactive Scanning with NMap - 16 preloaded modules
  Internet Wide Servers Scan - Using CENSYS Database
  Web and Links Crawlers
    Depth 1 - Indexed Uri Crawler
    Depth 2 - Single Page Crawler
    Depth 3 - Web Link Crawler
Vulnerability Analysis
Web-Bugs & Server Misconfigurations
  Insecure CORS - Absolute
  Same-Site Scripting - Sub-domain based
  Zone Transfer - DNS Server based
  Clickjacking
    Frame-Busting Checks
    X-FRAME-OPTIONS Header Checks
  Security on Cookies
    HTTPOnly Flag
    Secure Flag on Cookies
  Cloudflare Misconfiguration Check
    DNS Misconfiguration Checks
    Online Database Lookup - For Breaches
  HTTP Strict Transport Security Usage
    HTTPS Enabled but no HSTS
  Domain Based Email Spoofing
    Missing SPF Records
    Missing DMARC Records
  Host Header Injection
    Port Based - Web Socket Based
    X-Forwarded-For Header Injection
  Security Headers Analysis - Live Capture
  Cross-Site Tracing - HTTP TRACE Method
  Session Fixation - via Cookie Injection
  Network Security Misconfig.
    Checks for TELNET Enabled - via Port 23
Serious Web Vulnerabilities
  File Inclusions
    Local File Inclusion (LFI) - Param based
    Remote File Inclusion (RFI) - IMPROVED
      Parameter Based
      Pre-loaded Path Based
  OS Command Injection - Linux & Windows (RCE)
  Path Traversal (Sensitive Paths)
  Cross-Site Request Forgery - Absolute
  SQL Injection
    Error Based Injection
      Cookie Value Based
      Referer Value Based
      User-Agent Value Based
      Auto-gathering - IMPROVED
    Blind Based Injection - Crafted Payloads
      Cookie Value Based
      Referer Value Based
      User-Agent Value Based
      Auto-gathering - IMPROVED
  LDAP Injection - Parameter Based
  HTML Injection - Parameter Based
  Bash Command Injection - ShellShock
  Apache Struts Shock - Apache RCE
  XPATH Injection - Parameter Based
  Cross-Site Scripting - IMPROVED
    Cookie Value Based
    Referer Value Based
    User-Agent Value Based
    Parameter Value Based - Manual
  Unvalidated URL Forwards - Open Redirect
  PHP Code Injection - Windows + Linux RCE
  CRLF Injection - HTTP Response Splitting
    User-Agent Value Based
    Parameter Value Based - Manual
  Sub-domain Takeover - 50+ Services
    Single Sub-domain - Manual
    All Subdomains - Automated
Other
  PlainText Protocol Default Credential Bruteforce
    FTP Protocol Bruteforce
    SSH Protocol Bruteforce
    POP 2/3 Protocol Bruteforce
    SQL Protocol Bruteforce
    XMPP Protocol Bruteforce
    SMTP Protocol Bruteforce
    TELNET Protocol Bruteforce
Auxiliary Modules
  Hash Generator - MD5, SHA1, SHA256, SHA512
  String & Payload Encoder - 7 Categories
  Forensic Image Analysis - Metadata Extraction
  Web HoneyPot Probability - ShodanLabs HoneyScore
Exploitation - purely developmental
  ShellShock
Other Tools:
net_info.py - Displays information about your network. Located under tools/.
tidos_updater.py - Updates the framework to the latest release via signature matching. Located under tools/.
TIDoS In Action:
Let's see some screenshots of TIDoS in real world pentesting action:
Version:
v1.7 [latest release] [#stable]
Upcoming:
These are some modules which I have thought of adding
Some more Enumeration & Information Disclosure modules.
Lots more of OSINT & Stuff (let that be a suspense).
More Auxiliary Modules.
Some Exploits are being worked on too.
Ongoing:
Working on a full-featured Web UI implementation on Flask and MongoDB and Node.js.
Working on a new framework, a real framework. To be released with v2
Working on a campaign feature + addition of arguments.
Normal Bug Fixing Stuffs. As per the issues being raised
Some other perks:
Working on a way for contributing new modules easily.
A complete new method of multi-threaded fuzzing of parameters.
Keeping better of new console stuff.
Sources By: github.com/0xInfection/TIDoS-Framework