TIDoS-Framework v2.0 beta releases: A comprehensive web-app audit framework
TIDoS Framework
TIDoS Framework is a comprehensive web application audit framework with some serious perks.
Highlights:-
The main highlights of this framework are:
- Basic first release (but huge).
- Has 4 main phases, subdivided into 13 sub-phases containing the total of 73 modules.
- Reconnaissance Phase has 26 modules of its own (including active reconnaissance, passive reconnaissance and information disclosure modules).
- Scanning & Enumeration Phase has got 12 modules (including port scans, WAF analysis, etc)
- Vulnerability Analysis Phase has 32 modules (including most common vulnerabilities in action.
- Exploits Castle has only 1 exploit. (that’s in alpha phase)
- All four phases each have an auto-awesome module which automates every module for you.
- You just need the domain, and leave everything is to this tool.
- TIDoS has full verbose out support, so you’ll know whats going on.
- User-friendly interaction environment.
Flawless Features:-
TIDoS Framework presently supports the following:
- Reconnaissance + OSINT
- Passive Reconnaissance:
- Ping/Nping Enumeration
- Whois Lookup
- GeoIP Lookup
- DNS Config. Lookup
- Subdomains Lookup
- Reverse DNS Lookup
- Reverse IP Lookup
- Web Links Gatherer
- Google Search (manual search)
- Google Dorking (multiple modules)automated
- Active Reconnaissance
- HPing3 enumeration (under dev)
- CMS Detection (185+ CMSs supported)
- Advanced Traceroute IMPROVED
- Grab HTTP Headers
- Detect Server IMPROVED
- Examine SSL Certificate
- robots.txt and sitemap.xml Checker
- Subnets Enumeration
- Find Shared DNS Hosts
- Operating System Fingerprint
- Information Disclosure
- Credit Cards Disclosure in Plaintext
- Email Harvester
- Fatal Errors Enumeration Includes Full Path Disclosure checks
- Internal IP Disclosure
- Phone Number Harvester
- Social Security Number Harvester
- Passive Reconnaissance:
- Scanning & Enumeration
- Remote Server WAF Analysis
- Port Scanning Ingenious Modules
- Simple Port Scanner via Socket Connections
- TCP SYN Scan
- TCP Connect Scan
- XMAS Flag Scan
- Fin Flag Scan
- Service Detector
- Interactive Scanning with NMap 16 modules
- Crawlers
- Depth 1
- Depth 2 IMPROVED
- Vulnerability AnalysisWeb-Bugs & Server Misconfigurations
- Insecure CORS iCORS
- Same-Site Scripting
- Zone Transfer DNS Server based
- Clickjacking Framable Response
- Security on Cookies HTTPOnly/Secure Flags
- Cloudflare Misconfiguration Check + Getting Real IP
- HTTP High Transport Security Usage
- Spoofable Email (Missing SPF and DMARC Records)
- Security Headers Analysis
- Cross-Site Tracing (Port Based)
- Network Security misconfig. (Telnet Enabled)
Serious Web Vulnerabilities
- File Intrusions
- Local File Intrusion (LFI)
- Remote File Inclusion (RFI)
- OS Command Execution Linux & Windows (RCE)
- Path Traversal (Sensitive Paths)
- Cross-Site Request Forgery
- SQL Injection
- Cookie Value-Based
- Referer Value-Based
- User-Agent Value-Based
- Host Header Injection
- Bash Command Injection Shellshock
- Cross-Site Scripting beta
- Cookie Value-Based
- Referer Value-Based
- User-Agent Value-Based
- CRLF Injection and HTTP Response Splitting
Auxiliaries
- Protocol Credential Bruteforce 3 more under dev
.- FTP Bruteforce
- SSH Bruteforce
- POP 2/3 Bruteforce
- SQL Bruteforce
- XMPP Bruteforce
- SMTP Bruteforce
- TELNET Bruteforce
- String & Payload Encoder
- URL Encode
- Base64 Encode
- HTML Encode
- Plain ASCII Encode
- Hex Encode
- Octal Encode
- Binary Encode
- GZip Encode
- Exploitation purely developmental
- ShellShock
Changelog v2.0 beta
New Features
- fully ported framework to Python 3
- new default console interface, behaving like Metasploit
- alternative CLI argument interface to interact with 1 module quickly
- alternative GUI interface powered by PyQt5
- most modules use multiprocessing to get the job done faster
- supports sites running on non-default HTTP(S) ports
- new modules: arpscan, photon, new version: pathtrav
Many bug fixes, amongst #109
WIP
- Tor: support piping attacks through Tor (95% done)
- database: save all outputs in a database (mostly done)
Installing
https://github.com/theInfectedDrake/TIDoS-Framework.git
cd tidos-framework
chmod +x install
./install
Usage
TIDoS is made to be comprehensive. It’s a highly flexible framework where you just have to select and use modules.
As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. That’s it! It’s as easy as that.
