Skip to content

iDuronto/TIDoS

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

158 Commits
core
core
 
 
doc
doc
 
 
files
files
 
 
lib
lib
 
 
modules
modules
 
 
setup
setup
 
 
tmp
tmp
 
 
tools
tools
 
 
.deepsource.toml
.deepsource.toml
 
 
DISCLAIMER
DISCLAIMER
 
 
README.md
README.md
 
 
agree
agree
 
 
dependencies
dependencies
 
 
install
install
 
 
runon.sh
runon.sh
 
 
tidos.py
tidos.py
 
 
uninstall
uninstall
 
 

Repository files navigation

Python Supported OS License Build Modules Status

TIDoS Framework

TIDoS Framework is a comprehensive web application audit framework with some serious perks.

Highlights :-

The main highlights of this framework is:

  • Basic first release (but huge).
  • Has 4 main phases, subdivided into 13 sub-phases containing total of 73 modules.
  • Reconnaissance Phase has 26 modules of its own (including active, passive and information disclosure modules).
  • Scanning & Enumeration Phase has got 12 modules (including port scans, WAF analysis, etc)
  • Vulnerability Analysis Phase has 32 modules (including most common vulnerabilites in action.
  • Exploitation Phase has only 1 exploit. (thats in alpha phase)
  • All four phases each have a auto-awesome module which automates every module for you.
  • You just need the domain, and leave everything is to this tool.
  • TIDoS has full verbose out support, so you'll know whats going on.
  • User friendly interaction environment. (no real shits)

Note: For more info on various modules please refer to the wiki.

Installing TIDoS :-

  • Clone the repository locally and navigate there:
git clone https://github.com/theinfecteddrake/tidos-framework.git
cd tidos-framework
  • Install the dependencies:
chmod +x install
./install

Thats it! Now you are good to go! Now lets run the tool:

tidos

Usage :-

TIDoS is made to be comprehensive. Its highly flexible framework where you just have to select and use modules.

As the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. Thats it! Its as easy as that.

Recommended:

  • Follow the order of the tool (Run in a schematic way). Reconnaissance ⮚ Scanning & Enumeration ⮚ Vulnerability Analysis

Flawless Features :-

TIDoS Framework presently supports the following:

  • Reconnaissance + OSINT

    • Passive Reconnaissance:

      • Ping/Nping Enumeration
      • WhoIS Lookup
      • GeoIP Lookup
      • DNS Config. Lookup
      • Subdomains Lookup
      • Reverse DNS Lookup
      • Reverse IP Lookup
      • Web Links Gatherer
      • Google Search (manual search)
      • Google Dorking (multiple modules) automated

    • Active Reconnaissance

      • HPing3 enumeration (under dev)
      • CMS Detection (185+ CMSs supported)
      • Advanced Traceroute IMPROVED
      • Grab HTTP Headers
      • Detect Server IMPROVED
      • Examine SSL Certificate
      • robots.txt and sitemap.xml Checker
      • Subnets Enumeration
      • Find Shared DNS Hosts
      • Operaing System Fingerprint

    • Information Disclosure

      • Credit Cards Disclosure in Plaintext
      • Email Harvester
      • Fatal Errors Enumeration Includes Full Path Disclosure checks
      • Internal IP Disclosure
      • Phone Number Havester
      • Social Security Number Harvester

  • Scanning & Enumeration

    • Remote Server WAF Analysis
    • Port Scanning Ingenious Modules
      • Simple Port Scanner via Socket Connections
      • TCP SYN Scan
      • TCP Connect Scan
      • XMAS Flag Scan
      • Fin Flag Scan
      • Service Detector
    • Interactive Scanning with NMap 16 modules
    • Crawlers
      • Depth 1
      • Depth 2 IMPROVED

  • Vulnerability Analysis

    Web-Bugs & Server Misconfigurations

    • Insecure CORS iCORS
    • Same-Site Scripting
    • Zone Transfer DNS Server based
    • Clickjacking Framable Response
    • Security on Cookies HTTPOnly/Secure Flags
    • Cloudflare Misconfiguration Check + Getting Real IP
    • HTTP High Transport Security Usage
    • Spoofable Email (Missing SPF and DMARC Records)
    • Security Headers Analysis
    • Cross-Site Tracing (Port Based)
    • Network Security Misconfig. (Telnet Enabled)

    Serious Web Vulnerabilities

    • File Intrusions
      • Local File Intrusion (LFI)
      • Remote File Inclusion (RFI)
    • OS Command Execution Linux & Windows (RCE)
    • Path Traversal (Sensitive Paths)
    • Cross-Site Request Forgery
    • SQL Injection
      • Cookie Value Based
      • Referer Value Based
      • User-Agent Value Based
    • Host Header Injection
    • Bash Command Injection Shellshock
    • Cross-Site Scripting beta
      • Cookie Value Based
      • Referer Value Based
      • User-Agent Value Based
    • CRLF Injection and HTTP Response Splitting

    Auxillaries

    • Protocol Credential Bruteforce 3 more under dev.
      • FTP Bruteforce
      • SSH Bruteforce
      • POP 2/3 Bruteforce
      • SQL Bruteforce
    • String & Payload Encoder
      • URL Encode
      • Base64 Encode
      • HTML Encode
      • Plain ASCII Encode
      • Hex Encode
      • Octal Encode
      • Binary Encode
      • GZip Encode

  • Exploitation purely developmental

    • ShellShock

Known Bugs:

This version of TIDoS is purely developmental beta. There are bugs in resolving the [99] Back at various end-points. Also TIDoS needs to develop more on logging all info displayed on the screen (help needed).

Final Words:

This project is one of the best frameworks I have ever built and I would really like your constructive criticism, suggestions and help in converting this project into the best web penetration testing framework ever built and it will be ;).

Thank you

✎ @tID (Team CodeSploit)

About

A comprehensive web-app audit framework with some serious perks.

code.teamcodesploit.gq

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

 
 
 

Contributors

Languages

  • Python 86.4%
  • Cython 8.7%
  • C 2.0%
  • XSLT 1.5%
  • HTML 0.5%
  • Makefile 0.3%
  • Other 0.6%