Penetration Testing

  • Home
  • Forensics
  • Network PenTest
    • Information Gathering
    • Vulnerability Analysis
    • Exploitation
      • Metasploit
    • Post Exploitation
    • Maintaining Access
    • Password Attacks
    • Sniffing & Spoofing
    • Smartphone PenTest
    • Wireless
  • News
    • Android
    • Apple
    • Cyber Security
    • Data Leak
    • Malware
    • Software
    • Technology
    • Vulnerability
    • Windows
  • Reverse Engineering
  • Programming
  • Technique
  • Web PenTest
    • Web Information Gathering
    • Web Vulnerability Analysis
    • Web Exploitation
    • Web Maintaining Access
    • Reporting
  • Malware Analysis
  • Technique
  • Tips
  • Big Data
  • Crypto
  • Ebooks
  • Defense
  • Linux
  • Machine Learning
  • Networking

Penetration Testing

Security Training Share

  • Home
  • Forensics
  • Network PenTest
    • Information Gathering
    • Vulnerability Analysis
    • Exploitation
      • Metasploit
    • Post Exploitation
    • Maintaining Access
    • Password Attacks
    • Sniffing & Spoofing
    • Smartphone PenTest
    • Wireless
  • News
    • Android
    • Apple
    • Cyber Security
    • Data Leak
    • Malware
    • Software
    • Technology
    • Vulnerability
    • Windows
  • Reverse Engineering
  • Programming
  • Technique
  • Web PenTest
    • Web Information Gathering
    • Web Vulnerability Analysis
    • Web Exploitation
    • Web Maintaining Access
    • Reporting
  • Malware Analysis
  • Technique
  • Tips
  • Web Exploitation / Web Information Gathering / Web Vulnerability Analysis

TIDoS-Framework v1.7 releases: A comprehensive web-app audit framework

by do son · Published November 10, 2018 · Updated November 10, 2018


TIDoS Framework

TIDoS Framework is a comprehensive web application audit framework with some serious perks.

Highlights:-

The main highlights of this framework are:

  •  Basic first release (but huge).
  •  Has 4 main phases, subdivided into 13 sub-phases containing the total of 73 modules.
  •  Reconnaissance Phase has 26 modules of its own (including active reconnaissance, passive reconnaissance and information disclosure modules).
  •  Scanning & Enumeration Phase has got 12 modules (including port scans, WAF analysis, etc)
  •  Vulnerability Analysis Phase has 32 modules (including most common vulnerabilities in action.
  •  Exploits Castle has only 1 exploit. (that’s in alpha phase)
  •  All four phases each have an auto-awesome module which automates every module for you.
  •  You just need the domain, and leave everything is to this tool.
  •  TIDoS has full verbose out support, so you’ll know whats going on.
  •  User-friendly interaction environment. (no real shits)

Flawless Features:-

TIDoS Framework presently supports the following:

  • Reconnaissance + OSINT
    • Passive Reconnaissance:
      • Ping/Nping Enumeration
      • Whois Lookup
      • GeoIP Lookup
      • DNS Config. Lookup
      • Subdomains Lookup
      • Reverse DNS Lookup
      • Reverse IP Lookup
      • Web Links Gatherer
      • Google Search (manual search)
      • Google Dorking (multiple modules)automated
    • Active Reconnaissance
      • HPing3 enumeration (under dev)
      • CMS Detection (185+ CMSs supported)
      • Advanced Traceroute IMPROVED
      • Grab HTTP Headers
      • Detect Server IMPROVED
      • Examine SSL Certificate
      • robots.txt and sitemap.xml Checker
      • Subnets Enumeration
      • Find Shared DNS Hosts
      • Operating System Fingerprint
    • Information Disclosure
      • Credit Cards Disclosure in Plaintext
      • Email Harvester
      • Fatal Errors Enumeration Includes Full Path Disclosure checks
      • Internal IP Disclosure
      • Phone Number Harvester
      • Social Security Number Harvester
  • Scanning & Enumeration
    • Remote Server WAF Analysis
    • Port Scanning Ingenious Modules
      • Simple Port Scanner via Socket Connections
      • TCP SYN Scan
      • TCP Connect Scan
      • XMAS Flag Scan
      • Fin Flag Scan
      • Service Detector
    • Interactive Scanning with NMap 16 modules
    • Crawlers
      • Depth 1
      • Depth 2 IMPROVED
  • Vulnerability AnalysisWeb-Bugs & Server Misconfigurations
    • Insecure CORS iCORS
    • Same-Site Scripting
    • Zone Transfer DNS Server based
    • Clickjacking Framable Response
    • Security on Cookies HTTPOnly/Secure Flags
    • Cloudflare Misconfiguration Check + Getting Real IP
    • HTTP High Transport Security Usage
    • Spoofable Email (Missing SPF and DMARC Records)
    • Security Headers Analysis
    • Cross-Site Tracing (Port Based)
    • Network Security misconfig. (Telnet Enabled)

    Serious Web Vulnerabilities

    • File Intrusions
      • Local File Intrusion (LFI)
      • Remote File Inclusion (RFI)
    • OS Command Execution Linux & Windows (RCE)
    • Path Traversal (Sensitive Paths)
    • Cross-Site Request Forgery
    • SQL Injection
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • Host Header Injection
    • Bash Command Injection Shellshock
    • Cross-Site Scripting beta
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • CRLF Injection and HTTP Response Splitting

    Auxiliaries

    • Protocol Credential Bruteforce 3 more under dev.
      • FTP Bruteforce
      • SSH Bruteforce
      • POP 2/3 Bruteforce
      • SQL Bruteforce
      • XMPP Bruteforce
      • SMTP Bruteforce
      • TELNET Bruteforce
    • String & Payload Encoder
      • URL Encode
      • Base64 Encode
      • HTML Encode
      • Plain ASCII Encode
      • Hex Encode
      • Octal Encode
      • Binary Encode
      • GZip Encode
  • Exploitation purely developmental
    • ShellShock

Changelog v1.7

  • The best part of it is that, TIDoS now has all API keys set by default!
  • Basic changes to code structure.
  • Included Travis CI integration to TIDoS.
  • Some major bug fixes and other stuff (as usual).

Installing

https://github.com/theInfectedDrake/TIDoS-Framework.git
cd tidos-framework
chmod +x install
./install

Usage

TIDoS is made to be comprehensive. It’s a highly flexible framework where you just have to select and use modules.

As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. That’s it! It’s as easy as that.

TIDoS-Framework

 

Copyright © @_tID

Source: https://github.com/theInfectedDrake/

Share

Tags: TIDoS

Follow:

  • Next story Acra v0.84.0 releases: database protection suite
  • Previous story wfuzz v2.3.1 release: Web application fuzzer

Search




Popular Post

  • stoq

    Malware Analysis

    stoq: open source framework for enterprise level automated analysis

    14 Dec, 2018

  • deen

    Crypto

    deen v1.6.4 release: Generic data encoding/decoding application

    15 Nov, 2018

  • Fuzzlyn

    Reverse Engineering

    Fuzzlyn v1.1 releases: Fuzzer for the .NET toolchains

    15 Nov, 2018

  • goscan

    Information Gathering / Vulnerability Analysis

    goscan v2.1 releases: Interactive Network Scanner

    15 Nov, 2018

  • flare-vm

    Forensics / Reverse Engineering

    flare-vm: Windows-based security distribution for malware analysis, incident response, penetration testing

    15 Nov, 2018

  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • DMCA NOTICE
  • Submit your articles

Penetration Testing © 2018. All Rights Reserved.

We use cookies to ensure that we give you the best experience on our website. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on Read more information.OkRead more