Thursday, May 23, 2019
  • Big Data
  • Crypto
  • Ebooks
  • Defense
  • Linux
  • Machine Learning
  • Networking
  • Technique
  • Tips and Tricks
  • Twitter
  • Facebook

Penetration Testing

Security Training Share
Penetration Testing
Security Training Share
  • Home
  • Forensics
  • Malware Analysis
  • Network PenTest
    • Information Gathering
    • Vulnerability Analysis
    • Exploitation
      • Metasploit
    • Post Exploitation
    • Maintaining Access
    • Password Attacks
    • Sniffing & Spoofing
    • Smartphone PenTest
    • Wireless
  • Reverse Engineering
  • Programming
  • Technique
  • Web PenTest
    • Web Information Gathering
    • Web Vulnerability Analysis
    • Web Exploitation
    • Web Maintaining Access
    • Reporting
Menu Button
Penetration Testing
Security Training Share
  • Twitter
  • Facebook
Web Exploitation Web Information Gathering Web Vulnerability Analysis

TIDoS-Framework v1.7 releases: A comprehensive web-app audit framework

do son November 10, 2018 No Comments TIDoS

TIDoS Framework

TIDoS Framework is a comprehensive web application audit framework with some serious perks.

Highlights:-

The main highlights of this framework are:

  •  Basic first release (but huge).
  •  Has 4 main phases, subdivided into 13 sub-phases containing the total of 73 modules.
  •  Reconnaissance Phase has 26 modules of its own (including active reconnaissance, passive reconnaissance and information disclosure modules).
  •  Scanning & Enumeration Phase has got 12 modules (including port scans, WAF analysis, etc)
  •  Vulnerability Analysis Phase has 32 modules (including most common vulnerabilities in action.
  •  Exploits Castle has only 1 exploit. (that’s in alpha phase)
  •  All four phases each have an auto-awesome module which automates every module for you.
  •  You just need the domain, and leave everything is to this tool.
  •  TIDoS has full verbose out support, so you’ll know whats going on.
  •  User-friendly interaction environment. (no real shits)

Flawless Features:-

TIDoS Framework presently supports the following:

  • Reconnaissance + OSINT
    • Passive Reconnaissance:
      • Ping/Nping Enumeration
      • Whois Lookup
      • GeoIP Lookup
      • DNS Config. Lookup
      • Subdomains Lookup
      • Reverse DNS Lookup
      • Reverse IP Lookup
      • Web Links Gatherer
      • Google Search (manual search)
      • Google Dorking (multiple modules)automated
    • Active Reconnaissance
      • HPing3 enumeration (under dev)
      • CMS Detection (185+ CMSs supported)
      • Advanced Traceroute IMPROVED
      • Grab HTTP Headers
      • Detect Server IMPROVED
      • Examine SSL Certificate
      • robots.txt and sitemap.xml Checker
      • Subnets Enumeration
      • Find Shared DNS Hosts
      • Operating System Fingerprint
    • Information Disclosure
      • Credit Cards Disclosure in Plaintext
      • Email Harvester
      • Fatal Errors Enumeration Includes Full Path Disclosure checks
      • Internal IP Disclosure
      • Phone Number Harvester
      • Social Security Number Harvester
  • Scanning & Enumeration
    • Remote Server WAF Analysis
    • Port Scanning Ingenious Modules
      • Simple Port Scanner via Socket Connections
      • TCP SYN Scan
      • TCP Connect Scan
      • XMAS Flag Scan
      • Fin Flag Scan
      • Service Detector
    • Interactive Scanning with NMap 16 modules
    • Crawlers
      • Depth 1
      • Depth 2 IMPROVED
  • Vulnerability AnalysisWeb-Bugs & Server Misconfigurations
    • Insecure CORS iCORS
    • Same-Site Scripting
    • Zone Transfer DNS Server based
    • Clickjacking Framable Response
    • Security on Cookies HTTPOnly/Secure Flags
    • Cloudflare Misconfiguration Check + Getting Real IP
    • HTTP High Transport Security Usage
    • Spoofable Email (Missing SPF and DMARC Records)
    • Security Headers Analysis
    • Cross-Site Tracing (Port Based)
    • Network Security misconfig. (Telnet Enabled)

    Serious Web Vulnerabilities

    • File Intrusions
      • Local File Intrusion (LFI)
      • Remote File Inclusion (RFI)
    • OS Command Execution Linux & Windows (RCE)
    • Path Traversal (Sensitive Paths)
    • Cross-Site Request Forgery
    • SQL Injection
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • Host Header Injection
    • Bash Command Injection Shellshock
    • Cross-Site Scripting beta
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • CRLF Injection and HTTP Response Splitting

    Auxiliaries

    • Protocol Credential Bruteforce 3 more under dev.
      • FTP Bruteforce
      • SSH Bruteforce
      • POP 2/3 Bruteforce
      • SQL Bruteforce
      • XMPP Bruteforce
      • SMTP Bruteforce
      • TELNET Bruteforce
    • String & Payload Encoder
      • URL Encode
      • Base64 Encode
      • HTML Encode
      • Plain ASCII Encode
      • Hex Encode
      • Octal Encode
      • Binary Encode
      • GZip Encode
  • Exploitation purely developmental
    • ShellShock

Changelog v1.7

  • The best part of it is that, TIDoS now has all API keys set by default!
  • Basic changes to code structure.
  • Included Travis CI integration to TIDoS.
  • Some major bug fixes and other stuff (as usual).

Installing

https://github.com/theInfectedDrake/TIDoS-Framework.git
cd tidos-framework
chmod +x install
./install

Usage

TIDoS is made to be comprehensive. It’s a highly flexible framework where you just have to select and use modules.

As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. That’s it! It’s as easy as that.

TIDoS-Framework

 

Copyright © @_tID

Source: https://github.com/theInfectedDrake/

Post navigation

Previous Previous post: DECAF: binary analysis platform based on QEMU
Next Next post: MicroRenovator: Pre-OS microcode updater

Search




RSS Suggested Reading

  • SandboxEscaper continues to publish new Windows 0-day flaws on Github
  • Researcher releases the PoC exploit for unpatched Windows 10 zero-day bug
  • macOS performance drops 40% reduction after installing MDS vulnerability patch
  • CVE-2019-11815: Linux Kernel (prior to 5.0.8) Remote Code Execution Vulnerability Alert
  • How to mitigate Zombie Load Vulnerability without dropping CPU performance

RSS BREAKING NEWS

  • Fortinet found new Satan ransomware variants with more evil tricks
  • Dharma ransomware actors abuse AV tool to infect computers
  • Hacker uses brute force attacks to control 29 IoT botnets

RSS TRENDING

  • TeamViewer reveals cyber ​​attacks occurred in 2016
  • IBM X-Force: Hacktivist attacks have dropped 95% since 2015
  • Stack Overflow was under attack. There is currently no evidence about any breach of customer or user data

RSS Linux news

  • MX Linux 18.3 RC1 released, Debian-based Linux distribution
  • OpenSUSE Leap 15.1 release, Linux distributions
  • Septor Linux 2019.3 releases: Linux distribution focusing on anonymity and privacy
  • Ubuntu expands its Kernel uploaders team
  • Tails OS 3.14 releases: privacy & anonymously OS

Recent Posts

  • Metasploit 5.0.23 & 4.17.58 releases: penetration testing platform
  • ezXSS v3.0 releases: test Blind Cross Site Scripting
  • pe-sieve v0.1.8 released: searching for the modules containing in-memory code modifications

  • Twitter
  • Facebook
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • DMCA NOTICE
  • Submit your articles
Penetration Testing | Designed by: Theme Freesia | WordPress | © Copyright All right reserved
Top
Share
We use cookies to ensure that we give you the best experience on our website. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on Read more information.OkRead more