Tools

TIDoS-Framework v1.5 releases: A comprehensive web-app audit framework

TIDoS Framework

TIDoS Framework is a comprehensive web application audit framework with some serious perks.

Highlights:-

The main highlights of this framework are:

  •  Basic first release (but huge).
  •  Has 4 main phases, subdivided into 13 sub-phases containing the total of 73 modules.
  •  Reconnaissance Phase has 26 modules of its own (including active reconnaissance, passive reconnaissance and information disclosure modules).
  •  Scanning & Enumeration Phase has got 12 modules (including port scans, WAF analysis, etc)
  •  Vulnerability Analysis Phase has 32 modules (including most common vulnerabilities in action.
  •  Exploits Castle has only 1 exploit. (that’s in alpha phase)
  •  All four phases each have an auto-awesome module which automates every module for you.
  •  You just need the domain, and leave everything is to this tool.
  •  TIDoS has full verbose out support, so you’ll know whats going on.
  •  User-friendly interaction environment. (no real shits)

Flawless Features:-

TIDoS Framework presently supports the following:

  • Reconnaissance + OSINT
    • Passive Reconnaissance:
      • Ping/Nping Enumeration
      • Whois Lookup
      • GeoIP Lookup
      • DNS Config. Lookup
      • Subdomains Lookup
      • Reverse DNS Lookup
      • Reverse IP Lookup
      • Web Links Gatherer
      • Google Search (manual search)
      • Google Dorking (multiple modules)automated
    • Active Reconnaissance
      • HPing3 enumeration (under dev)
      • CMS Detection (185+ CMSs supported)
      • Advanced Traceroute IMPROVED
      • Grab HTTP Headers
      • Detect Server IMPROVED
      • Examine SSL Certificate
      • robots.txt and sitemap.xml Checker
      • Subnets Enumeration
      • Find Shared DNS Hosts
      • Operating System Fingerprint
    • Information Disclosure
      • Credit Cards Disclosure in Plaintext
      • Email Harvester
      • Fatal Errors Enumeration Includes Full Path Disclosure checks
      • Internal IP Disclosure
      • Phone Number Harvester
      • Social Security Number Harvester
  • Scanning & Enumeration
    • Remote Server WAF Analysis
    • Port Scanning Ingenious Modules
      • Simple Port Scanner via Socket Connections
      • TCP SYN Scan
      • TCP Connect Scan
      • XMAS Flag Scan
      • Fin Flag Scan
      • Service Detector
    • Interactive Scanning with NMap 16 modules
    • Crawlers
      • Depth 1
      • Depth 2 IMPROVED
  • Vulnerability AnalysisWeb-Bugs & Server Misconfigurations
    • Insecure CORS iCORS
    • Same-Site Scripting
    • Zone Transfer DNS Server based
    • Clickjacking Framable Response
    • Security on Cookies HTTPOnly/Secure Flags
    • Cloudflare Misconfiguration Check + Getting Real IP
    • HTTP High Transport Security Usage
    • Spoofable Email (Missing SPF and DMARC Records)
    • Security Headers Analysis
    • Cross-Site Tracing (Port Based)
    • Network Security misconfig. (Telnet Enabled)

    Serious Web Vulnerabilities

    • File Intrusions
      • Local File Intrusion (LFI)
      • Remote File Inclusion (RFI)
    • OS Command Execution Linux & Windows (RCE)
    • Path Traversal (Sensitive Paths)
    • Cross-Site Request Forgery
    • SQL Injection
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • Host Header Injection
    • Bash Command Injection Shellshock
    • Cross-Site Scripting beta
      • Cookie Value-Based
      • Referer Value-Based
      • User-Agent Value-Based
    • CRLF Injection and HTTP Response Splitting

    Auxiliaries

    • Protocol Credential Bruteforce 3 more under dev.
      • FTP Bruteforce
      • SSH Bruteforce
      • POP 2/3 Bruteforce
      • SQL Bruteforce
      • XMPP Bruteforce
      • SMTP Bruteforce
      • TELNET Bruteforce
    • String & Payload Encoder
      • URL Encode
      • Base64 Encode
      • HTML Encode
      • Plain ASCII Encode
      • Hex Encode
      • Octal Encode
      • Binary Encode
      • GZip Encode
  • Exploitation purely developmental
    • ShellShock

Changelog v1.5

  • Fixes to #11 .
  • Addition of 5 new modules under ActiveRecon Phase.
  • Addition of 3 new modules under Vulnerability Analysis.
  • Bug fixes to the BruteMods module.
  • Most of PassiveRecon Phase modules rewritten for the better.
  • Lastly, some minor bug fixes and stuff.

Installing

https://github.com/theInfectedDrake/TIDoS-Framework.git
cd tidos-framework
chmod +x install
./install

Usage

TIDoS is made to be comprehensive. It’s a highly flexible framework where you just have to select and use modules.

As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. That’s it! It’s as easy as that.

TIDoS

Source: https://github.com/theInfectedDrake/

 

Read more…

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

Leave a Reply