The Offensive Manual Web Application Penetration Testing Framework.

Liferacer333
Oct 10, 2020

TIDoS is an offensive web application framework with a lot of modules. It helps with many penetration testing tasks, from performing recon to attacking a web application. It is built in Python and is a fully automated tool.

Installation:

> Go to https://github.com/0xInfection/TIDoS-Framework

  1. git clone https://github.com/0xinfection/tidos-framework.git

Install the dependencies:

  2. cd tidos-framework
  3. chmod +x install
  4. ./install

Getting Started:

TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.

To get started, you need to set your own API keys for the various OSINT and Scanning & Enumeration modules. To do so, open API_KEYS.py under the files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.

Finally, when the framework opens, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it! It's as easy as that.

Follow the order of the tool (run the phases in sequence):

Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis

Tidos-Framework Features :

Reconnaissance + OSINT

Passive Reconnaissance:

  • Nping Enumeration: Via external API
  • WhoIS Lookup: Domain info gathering
  • GeoIP Lookup: Pinpoint physical location
  • DNS Configuration Lookup: DNSDump
  • Subdomains Lookup: Indexed ones
  • Reverse DNS Lookup: Host Instances
  • Reverse IP Lookup: Hosts on same server
  • Subnets Enumeration: Class Based
  • Domain IP History: IP Instances
  • Web Links Gatherer: Indexed ones
  • Google Search: Manual search
  • Google Dorking (multiple modules): Automated
  • Email to Domain Resolver: Email WhoIs
  • Wayback Machine Lookups: Find Backups
  • Breached Email Check: Pwned Email Accounts
  • Enumeration via Google Groups: Emails Only
  • Check Alias Availability: Social Networks
  • Find PasteBin Posts: Domain Based
  • LinkedIn Gathering: Employees & Company
  • Google Plus Gathering: Domain Profiles
  • Public Contact Info Scraping: FULL CONTACT
  • Censys Intel Gathering: Domain Based
  • Threat Intelligence Gathering: Bad IPs

Active Reconnaissance:

  • Ping Enumeration: Advanced
  • CMS Detection (185+ CMSs supported): IMPROVED
  • Advanced Traceroute: IMPROVED
  • robots.txt and sitemap.xml Checker
  • Grab HTTP Headers: Live Capture
  • Find HTTP Methods Allowed: via OPTIONS
  • Detect Server Type: IMPROVED
  • Examine SSL Certificate: Absolute
  • Apache Status Disclosure Checks: File Based
  • WebDAV HTTP Enumeration: PROPFIND & SEARCH
  • PHPInfo File Enumeration: via Bruteforce
  • Comments Scraper: Regex Based
  • Find Shared DNS Hosts: Name Server Based
  • Alternate Sites Discovery: User-Agent Based
  • Discover Interesting Files: via Bruteforce

Scanning & Enumeration

  • Remote Server WAF Enumeration: Generic, 54 WAFs
  • Port Scanning: Ingenious Modules
      • Simple Port Scanner: via Socket Connections
      • TCP SYN Scan: Highly reliable
      • TCP Connect Scan: Highly Reliable
      • XMAS Flag Scan: Reliable Only in LANs
      • FIN Flag Scan: Reliable Only in LANs
  • Port Service Detector

And much more…

Vulnerability Analysis

Web-Bugs & Server Misconfigurations:

  • Insecure CORS: Absolute
  • Same-Site Scripting: Sub-domain based
  • Zone Transfer: DNS Server based
  • Clickjacking
      • Frame-Busting Checks
      • X-FRAME-OPTIONS Header Checks
  • Security on Cookies
      • HTTPOnly Flag
      • Secure Flag on Cookies
  • Cloudflare Misconfiguration Check
  • DNS Misconfiguration Checks
  • Online Database Lookup For Breaches
  • HTTP Strict Transport Security Usage
      • HTTPS Enabled but no HSTS
  • Domain Based Email Spoofing
      • Missing SPF Records
      • Missing DMARC Records
  • Host Header Injection
      • Port Based: Web Socket Based
      • X-Forwarded-For Header Injection
  • Security Headers Analysis: Live Capture
  • Cross-Site Tracing: HTTP TRACE Method
  • Session Fixation: via Cookie Injection
  • Network Security Misconfig.
      • Checks for TELNET Enabled: via Port 23

Serious Web Vulnerabilities :

  • File Inclusions
      • Local File Inclusion (LFI): Param based
      • Remote File Inclusion (RFI): IMPROVED
          • Parameter Based
          • Pre-loaded Path Based
  • OS Command Injection: Linux & Windows (RCE)
  • Path Traversal (Sensitive Paths)
  • Cross-Site Request Forgery: Absolute
  • SQL Injection
      • Error Based Injection
          • Cookie Value Based
          • Referer Value Based
          • User-Agent Value Based
          • Auto-gathering: IMPROVED
      • Blind Based Injection: Crafted Payloads
          • Cookie Value Based
          • Referer Value Based
          • User-Agent Value Based
          • Auto-gathering: IMPROVED
  • LDAP Injection: Parameter Based
  • HTML Injection: Parameter Based
  • Bash Command Injection: ShellShock
  • Apache Struts Shock: Apache RCE
  • XPATH Injection: Parameter Based
  • Cross-Site Scripting
  • Sub domain takeover

And this tool can do much more.

Installation : https://www.youtube.com/watch?v=5a_GFWeovYI

Thank you!!
