Skip to content

Penetration Testing

  • Home
  • Forensics
  • Malware Analysis
  • Network PenTest
    • Information Gathering
    • Vulnerability Analysis
    • Exploitation
      • Metasploit
    • Post Exploitation
    • Maintaining Access
    • Password Attacks
    • Sniffing & Spoofing
    • Smartphone PenTest
    • Wireless
  • Reverse Engineering
  • Programming
  • Technique
  • Web PenTest
    • Web Information Gathering
    • Web Vulnerability Analysis
    • Web Exploitation
    • Web Maintaining Access
    • Reporting
  • Big Data
  • Crypto
  • Ebooks
  • Defense
  • Linux
  • Machine Learning
  • Networking
  • Technique
  • Tips and Tricks

Penetration Testing

Information Security

  • Home
  • Forensics
  • Malware Analysis
  • Network PenTest
    • Information Gathering
    • Vulnerability Analysis
    • Exploitation
      • Metasploit
    • Post Exploitation
    • Maintaining Access
    • Password Attacks
    • Sniffing & Spoofing
    • Smartphone PenTest
    • Wireless
  • Reverse Engineering
  • Programming
  • Technique
  • Web PenTest
    • Web Information Gathering
    • Web Vulnerability Analysis
    • Web Exploitation
    • Web Maintaining Access
    • Reporting
  • Web Exploitation / Web Information Gathering / Web Vulnerability Analysis

TIDoS-Framework v2.0 beta releases: A comprehensive web-app audit framework

by do son · Published November 10, 2018 · Updated January 26, 2021

TIDoS Framework

TIDoS Framework is a comprehensive web application audit framework with some serious perks.

Highlights:-

The main highlights of this framework are:

  •  Basic first release (but huge).
  •  Has 4 main phases, subdivided into 13 sub-phases containing the total of 73 modules.
  •  Reconnaissance Phase has 26 modules of its own (including active reconnaissance, passive reconnaissance and information disclosure modules).
  •  Scanning & Enumeration Phase has got 12 modules (including port scans, WAF analysis, etc)
  •  Vulnerability Analysis Phase has 32 modules (including most common vulnerabilities in action.
  •  Exploits Castle has only 1 exploit. (that’s in alpha phase)
  •  All four phases each have an auto-awesome module which automates every module for you.
  •  You just need the domain, and leave everything is to this tool.
  •  TIDoS has full verbose out support, so you’ll know whats going on.
  • User-friendly interaction environment.

Flawless Features:-

TIDoS Framework presently supports the following:

  • Reconnaissance + OSINT
    • Passive Reconnaissance:
      • Ping/Nping Enumeration
      • Whois Lookup
      • GeoIP Lookup
      • DNS Config. Lookup
      • Subdomains Lookup
      • Reverse DNS Lookup
      • Reverse IP Lookup
      • Web Links Gatherer
      • Google Search (manual search)
      • Google Dorking (multiple modules)automated
    • Active Reconnaissance
      • HPing3 enumeration (under dev)
      • CMS Detection (185+ CMSs supported)
      • Advanced Traceroute IMPROVED
      • Grab HTTP Headers
      • Detect Server IMPROVED
      • Examine SSL Certificate
      • robots.txt and sitemap.xml Checker
      • Subnets Enumeration
      • Find Shared DNS Hosts
      • Operating System Fingerprint
    • Information Disclosure
      • Credit Cards Disclosure in Plaintext
      • Email Harvester
      • Fatal Errors Enumeration Includes Full Path Disclosure checks
      • Internal IP Disclosure
      • Phone Number Harvester
      • Social Security Number Harvester
  • Scanning & Enumeration
    • Remote Server WAF Analysis
    • Port Scanning Ingenious Modules
      • Simple Port Scanner via Socket Connections
      • TCP SYN Scan
      • TCP Connect Scan
      • XMAS Flag Scan
      • Fin Flag Scan
      • Service Detector
    • Interactive Scanning with NMap 16 modules
    • Crawlers
      • Depth 1
      • Depth 2 IMPROVED
  • Vulnerability AnalysisWeb-Bugs & Server Misconfigurations
    • Insecure CORS iCORS
    • Same-Site Scripting
    • Zone Transfer DNS Server based
    • Clickjacking Framable Response
    • Security on Cookies HTTPOnly/Secure Flags
    • Cloudflare Misconfiguration Check + Getting Real IP
    • HTTP High Transport Security Usage
    • Spoofable Email (Missing SPF and DMARC Records)
    • Security Headers Analysis
    • Cross-Site Tracing (Port Based)
    • Network Security misconfig. (Telnet Enabled)

    Serious Web Vulnerabilities

    • File Intrusions
      • Local File Intrusion (LFI)
      • Remote File Inclusion (RFI)
    • OS Command Execution Linux & Windows (RCE)
    • Path Traversal (Sensitive Paths)
    • Cross-Site Request Forgery
    • SQL Injection
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • Host Header Injection
    • Bash Command Injection Shellshock
    • Cross-Site Scripting beta
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • CRLF Injection and HTTP Response Splitting

    Auxiliaries

    • Protocol Credential Bruteforce 3 more under dev.
      • FTP Bruteforce
      • SSH Bruteforce
      • POP 2/3 Bruteforce
      • SQL Bruteforce
      • XMPP Bruteforce
      • SMTP Bruteforce
      • TELNET Bruteforce
    • String & Payload Encoder
      • URL Encode
      • Base64 Encode
      • HTML Encode
      • Plain ASCII Encode
      • Hex Encode
      • Octal Encode
      • Binary Encode
      • GZip Encode
  • Exploitation purely developmental
    • ShellShock

Changelog v2.0 beta

New Features

  • fully ported framework to Python 3
  • new default console interface, behaving like Metasploit
    • alternative CLI argument interface to interact with 1 module quickly
    • alternative GUI interface powered by PyQt5
  • most modules use multiprocessing to get the job done faster
  • supports sites running on non-default HTTP(S) ports
  • new modules: arpscan, photon, new version: pathtrav

Many bug fixes, amongst #109

WIP

  • Tor: support piping attacks through Tor (95% done)
  • database: save all outputs in a database (mostly done)

Installing

https://github.com/theInfectedDrake/TIDoS-Framework.git
cd tidos-framework
chmod +x install
./install

Usage

TIDoS is made to be comprehensive. It’s a highly flexible framework where you just have to select and use modules.

As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. That’s it! It’s as easy as that.

TIDoS-Framework

 

Copyright © @_tID

Source: https://github.com/theInfectedDrake/

Share

Tags: TIDoS

Follow:

  • Next story MicroRenovator: Pre-OS microcode updater
  • Previous story djangohunter: identify incorrectly configured Django applications

Search

RSS Suggested Reading

  • CVE-2021-31946: Paint 3D for Windows 10 Remote Code Execution Vulnerability
  • CVE-2021-3560: Linux Privilege Escalation Vulnerability Alert
  • Google launches new experimental Abuse Bug Bounty program
  • Hackers are attempting to exploit VMware vCenter Server RCE flaw
  • WordPress will force the installation of Jetpack security updates on 5 million websites




  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • DMCA NOTICE

Penetration Testing © 2021. All Rights Reserved.