Saturday, February 23, 2019
  • Big Data
  • Crypto
  • Ebooks
  • Defense
  • Linux
  • Machine Learning
  • Networking
  • Technique
  • Tips and Tricks
  • Twitter
  • Facebook

Penetration Testing

Security Training Share
Penetration Testing
Security Training Share
  • Home
  • Forensics
  • Malware Analysis
  • Network PenTest
    • Information Gathering
    • Vulnerability Analysis
    • Exploitation
      • Metasploit
    • Post Exploitation
    • Maintaining Access
    • Password Attacks
    • Sniffing & Spoofing
    • Smartphone PenTest
    • Wireless
  • Reverse Engineering
  • Programming
  • Technique
  • Web PenTest
    • Web Information Gathering
    • Web Vulnerability Analysis
    • Web Exploitation
    • Web Maintaining Access
    • Reporting
Menu Button
Penetration Testing
Security Training Share
  • Twitter
  • Facebook
Web Exploitation Web Information Gathering Web Vulnerability Analysis

TIDoS-Framework v1.7 releases: A comprehensive web-app audit framework

do son November 10, 2018 No Comments TIDoS

TIDoS Framework

TIDoS Framework is a comprehensive web application audit framework with some serious perks.

Highlights:-

The main highlights of this framework are:

  •  Basic first release (but huge).
  •  Has 4 main phases, subdivided into 13 sub-phases containing the total of 73 modules.
  •  Reconnaissance Phase has 26 modules of its own (including active reconnaissance, passive reconnaissance and information disclosure modules).
  •  Scanning & Enumeration Phase has got 12 modules (including port scans, WAF analysis, etc)
  •  Vulnerability Analysis Phase has 32 modules (including most common vulnerabilities in action.
  •  Exploits Castle has only 1 exploit. (that’s in alpha phase)
  •  All four phases each have an auto-awesome module which automates every module for you.
  •  You just need the domain, and leave everything is to this tool.
  •  TIDoS has full verbose out support, so you’ll know whats going on.
  •  User-friendly interaction environment. (no real shits)

Flawless Features:-

TIDoS Framework presently supports the following:

  • Reconnaissance + OSINT
    • Passive Reconnaissance:
      • Ping/Nping Enumeration
      • Whois Lookup
      • GeoIP Lookup
      • DNS Config. Lookup
      • Subdomains Lookup
      • Reverse DNS Lookup
      • Reverse IP Lookup
      • Web Links Gatherer
      • Google Search (manual search)
      • Google Dorking (multiple modules)automated
    • Active Reconnaissance
      • HPing3 enumeration (under dev)
      • CMS Detection (185+ CMSs supported)
      • Advanced Traceroute IMPROVED
      • Grab HTTP Headers
      • Detect Server IMPROVED
      • Examine SSL Certificate
      • robots.txt and sitemap.xml Checker
      • Subnets Enumeration
      • Find Shared DNS Hosts
      • Operating System Fingerprint
    • Information Disclosure
      • Credit Cards Disclosure in Plaintext
      • Email Harvester
      • Fatal Errors Enumeration Includes Full Path Disclosure checks
      • Internal IP Disclosure
      • Phone Number Harvester
      • Social Security Number Harvester
  • Scanning & Enumeration
    • Remote Server WAF Analysis
    • Port Scanning Ingenious Modules
      • Simple Port Scanner via Socket Connections
      • TCP SYN Scan
      • TCP Connect Scan
      • XMAS Flag Scan
      • Fin Flag Scan
      • Service Detector
    • Interactive Scanning with NMap 16 modules
    • Crawlers
      • Depth 1
      • Depth 2 IMPROVED
  • Vulnerability AnalysisWeb-Bugs & Server Misconfigurations
    • Insecure CORS iCORS
    • Same-Site Scripting
    • Zone Transfer DNS Server based
    • Clickjacking Framable Response
    • Security on Cookies HTTPOnly/Secure Flags
    • Cloudflare Misconfiguration Check + Getting Real IP
    • HTTP High Transport Security Usage
    • Spoofable Email (Missing SPF and DMARC Records)
    • Security Headers Analysis
    • Cross-Site Tracing (Port Based)
    • Network Security misconfig. (Telnet Enabled)

    Serious Web Vulnerabilities

    • File Intrusions
      • Local File Intrusion (LFI)
      • Remote File Inclusion (RFI)
    • OS Command Execution Linux & Windows (RCE)
    • Path Traversal (Sensitive Paths)
    • Cross-Site Request Forgery
    • SQL Injection
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • Host Header Injection
    • Bash Command Injection Shellshock
    • Cross-Site Scripting beta
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • CRLF Injection and HTTP Response Splitting

    Auxiliaries

    • Protocol Credential Bruteforce 3 more under dev.
      • FTP Bruteforce
      • SSH Bruteforce
      • POP 2/3 Bruteforce
      • SQL Bruteforce
      • XMPP Bruteforce
      • SMTP Bruteforce
      • TELNET Bruteforce
    • String & Payload Encoder
      • URL Encode
      • Base64 Encode
      • HTML Encode
      • Plain ASCII Encode
      • Hex Encode
      • Octal Encode
      • Binary Encode
      • GZip Encode
  • Exploitation purely developmental
    • ShellShock

Changelog v1.7

  • The best part of it is that, TIDoS now has all API keys set by default!
  • Basic changes to code structure.
  • Included Travis CI integration to TIDoS.
  • Some major bug fixes and other stuff (as usual).

Installing

https://github.com/theInfectedDrake/TIDoS-Framework.git
cd tidos-framework
chmod +x install
./install

Usage

TIDoS is made to be comprehensive. It’s a highly flexible framework where you just have to select and use modules.

As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. That’s it! It’s as easy as that.

TIDoS-Framework

 

Copyright © @_tID

Source: https://github.com/theInfectedDrake/

Post navigation

Previous Previous post: Arjun v1.1 releases: finding hidden GET & POST parameters
Next Next post: MicroRenovator: Pre-OS microcode updater

Search




RSS Suggested Reading

  • CVE-2019-6340: Drupal Remote Code Execution Vulnerability Alert
  • CheckPoint publishes the WinRAR Code Execution vulnerability details
  • New TLS 1.3 protocol vulnerability, thousands of websites face data leakage risks
  • Microsoft Exchange Server and Windows DHCP Server Vulnerabilities Alert
  • Microsoft releases cumulative updates for Windows 7/8.1/Server 2012R2

RSS BREAKING NEWS

  • Cryptocurrency mining app found in the Microsoft Store
  • Trend Micro: Hackers can infect your Mac computer through a malicious Windows EXE
  • ESET found malware that exists on Play Store and steals cryptocurrency wallet in the clipboard

RSS TRENDING

  • Microsoft: Hacker continued cyber attacks against European organizations
  • Swiss e-voting system launches bug bounty program with a $150,000 bonus
  • VFEmail was hacked, all data in the US was deleted and could not be recovered

Recent Posts

  • Gorecon: All in one Reconnaissance Tool
  • drmemory 2.0.17946 releases: Memory Debugger for Windows, Linux, Mac, and Android
  • usbrip: tracking history of USB events on GNU/Linux
  • Twitter
  • Facebook
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • DMCA NOTICE
  • Submit your articles
Penetration Testing | Designed by: Theme Freesia | WordPress | © Copyright All right reserved
Top
Share
We use cookies to ensure that we give you the best experience on our website. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on Read more information.OkRead more