
GitHub - theInfectedDrake/TIDoS-Framework: The offensive web application penetra...

 5 years ago
source link: https://github.com/theInfectedDrake/TIDoS-Framework

README.md


The TIDoS Framework

TIDoS Framework is a comprehensive web-app audit framework. Let's keep this simple.

Highlights :-

The main highlights of this framework are:

  • TIDoS Framework now boasts of a century+ of modules.
  • A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
  • Has 5 main phases, subdivided into 14 sub-phases consisting of a total of 104 modules.
  • Reconnaissance Phase has 48 modules of its own (including active and passive recon, information disclosure modules).
  • Scanning & Enumeration Phase has got 15 modules (including port scans, WAF analysis, etc.).
  • Vulnerability Analysis Phase has 36 modules (including most common vulnerabilities in action).
  • Exploits Castle has only 1 exploit (purely developmental).
  • And finally, Auxiliaries have got 4 modules (under dev).
  • All four phases each have an Auto-Awesome module which automates every module for you.
  • You just need the domain, and leave everything else to this tool.
  • TIDoS has full verbose output support, so you'll know what's going on.
  • Fully user-friendly interaction environment. (no shits)


Installation :-

  • Clone the repository locally and navigate there:

    git clone https://github.com/theinfecteddrake/tidos-framework.git
    cd tidos-framework

  • Install the dependencies:

    chmod +x install
    ./install


That's it! Now you are good to go! Now let's run the tool:

tidos

Getting Started :-

TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules.

But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up API_KEYS.py under the files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS. Public API KEYS and ACCESS TOKENS for SHODAN and WHATCMS have been provided with the TIDoS release itself. You can still add your own... no harm!

Finally, as the framework opens up, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it! It's as easy as that.

Recommended:

  • Follow the order of the tool (Run in a schematic way).

    Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis

To update this tool, use the tidos_updater.py module under the tools/ folder.

Flawless Features :-

TIDoS Framework presently supports the following (and is under active development):

  • Reconnaissance + OSINT

    • Passive Reconnaissance:

      • Nping Enumeration Via external API
      • WhoIS Lookup Domain info gathering
      • GeoIP Lookup Pinpoint physical location
      • DNS Configuration Lookup DNSDump
      • Subdomains Lookup Indexed ones
      • Reverse DNS Lookup Host Instances
      • Reverse IP Lookup Hosts on same server
      • Subnets Enumeration Class Based
      • Domain IP History IP Instances
      • Web Links Gatherer Indexed ones
      • Google Search Manual search
      • Google Dorking (multiple modules) Automated
      • Email to Domain Resolver Email WhoIs
      • Wayback Machine Lookups Find Backups
      • Breached Email Check Pwned Email Accounts
      • Enumeration via Google Groups Emails Only
      • Check Alias Availability Social Networks
      • Find PasteBin Posts Domain Based
      • LinkedIn Gathering Employees & Company
      • Google Plus Gathering Domain Profiles
      • Public Contact Info Scraping FULL CONTACT
      • Censys Intel Gathering Domain Based
      • Threat Intelligence Gathering Bad IPs
    • Active Reconnaissance

      • Ping Enumeration Advanced
      • CMS Detection (185+ CMSs supported) IMPROVED
      • Advanced Traceroute IMPROVED
      • robots.txt and sitemap.xml Checker
      • Grab HTTP Headers Live Capture
      • Find HTTP Methods Allowed via OPTIONS
      • Detect Server Type IMPROVED
      • Examine SSL Certificate Absolute
      • Apache Status Disclosure Checks File Based
      • WebDAV HTTP Enumeration PROPFIND & SEARCH
      • PHPInfo File Enumeration via Bruteforce
      • Comments Scraper Regex Based
      • Find Shared DNS Hosts Name Server Based
      • Alternate Sites Discovery User-Agent Based
      • Discover Interesting Files via Bruteforce
        • Common Backdoor Locations shells, etc.
        • Common Backup Locations .bak, .db, etc.
        • Common Password Locations .pgp, .skr, etc.
        • Common Proxy Path Configs. .pac, etc.
        • Common Dot Files .htaccess, .apache, etc
    • Information Disclosure

      • Credit Cards Disclosure If Plaintext
      • Email Harvester IMPROVED
      • Fatal Errors Enumeration Includes Full Path Disclosure
      • Internal IP Disclosure Signature Based
      • Phone Number Harvester Signature Based
      • Social Security Number Harvester US Ones
  • Scanning & Enumeration

    • Remote Server WAF Enumeration Generic 54 WAFs
    • Port Scanning Ingenious Modules
      • Simple Port Scanner via Socket Connections
      • TCP SYN Scan Highly reliable
      • TCP Connect Scan Highly Reliable
      • XMAS Flag Scan Reliable Only in LANs
      • FIN Flag Scan Reliable Only in LANs
      • Port Service Detector
    • Web Technology Enumeration Absolute
    • Operating System Fingerprinting IMPROVED
    • Banner Grabbing of Services via Open Ports
    • Interactive Scanning with NMap 16 preloaded modules
    • Enumeration of Domain-Linked IPs Using CENSYS Database
    • Web and Links Crawlers
      • Depth 1 Indexed Uri Crawler
      • Depth 2 Single Page Crawler
      • Depth 3 Web Link Crawler
  • Vulnerability Analysis

    Web-Bugs & Server Misconfigurations

    • Insecure CORS Absolute
    • Same-Site Scripting Sub-domain based
    • Zone Transfer DNS Server based
    • Clickjacking
      • Frame-Busting Checks
      • X-FRAME-OPTIONS Header Checks
    • Security on Cookies
      • HTTPOnly Flag
      • Secure Flag on Cookies
    • Cloudflare Misconfiguration Check
      • DNS Misconfiguration Checks
      • Online Database Lookup For Breaches
    • HTTP Strict Transport Security Usage
      • HTTPS Enabled but no HSTS
    • Domain Based Email Spoofing
      • Missing SPF Records
      • Missing DMARC Records
    • Host Header Injection
      • Port Based Web Socket Based
      • X-Forwarded-For Header Injection
    • Security Headers Analysis Live Capture
    • Cross-Site Tracing HTTP TRACE Method
    • Session Fixation via Cookie Injection
    • Network Security Misconfig.
      • Checks for TELNET Enabled via Port 23

    Serious Web Vulnerabilities

    • File Inclusions
      • Local File Inclusion (LFI) Param based
      • Remote File Inclusion (RFI) IMPROVED
        • Parameter Based
        • Pre-loaded Path Based
    • OS Command Injection Linux & Windows (RCE)
    • Path Traversal (Sensitive Paths)
    • Cross-Site Request Forgery Absolute
    • SQL Injection
      • Error Based Injection
        • Cookie Value Based
        • Referer Value Based
        • User-Agent Value Based
        • Auto-gathering IMPROVED
      • Blind Based Injection Crafted Payloads
        • Cookie Value Based
        • Referer Value Based
        • User-Agent Value Based
        • Auto-gathering IMPROVED
    • LDAP Injection Parameter Based
    • HTML Injection Parameter Based
    • Bash Command Injection ShellShock
    • XPATH Injection Parameter Based
    • Cross-Site Scripting IMPROVED
      • Cookie Value Based
      • Referer Value Based
      • User-Agent Value Based
      • Parameter Value Based Manual
    • Unvalidated URL Forwards Open Redirect
    • PHP Code Injection Windows + Linux RCE
    • CRLF Injection HTTP Response Splitting
      • User-Agent Value Based
      • Parameter value Based Manual
    • Sub-domain Takeover 50+ Services
      • Single Sub-domain Manual
      • All Subdomains Automated

    Other

    • PlainText Protocol Default Credential Bruteforce

      • FTP Protocol Bruteforce
      • SSH Protocol Bruteforce
      • POP 2/3 Protocol Bruteforce
      • SQL Protocol Bruteforce
      • XMPP Protocol Bruteforce
      • SMTP Protocol Bruteforce
      • TELNET Protocol Bruteforce
  • Auxiliary Modules

    • Hash Generator MD5, SHA1, SHA256, SHA512
    • String & Payload Encoder 7 Categories
    • Forensic Image Analysis Metadata Extraction
    • Web HoneyPot Probability ShodanLabs HoneyScore
  • Exploitation purely developmental

    • ShellShock

Other Tools:

  • net_info.py - Displays information about your network. Located under tools/.
  • tidos_updater.py - Updates the framework to the latest release via signature matching. Located under tools/.

TIDoS In Action:


Version:

v1.6 [latest release] [#stable]

Upcoming:

There are some bruteforce modules to be added:

  • Some more of Enumeration & Information Disclosure modules.
  • Lots more of OSINT & Stuff (let that be a suspense).
  • More of Auxiliary Modules.
  • Some exploits are also being worked on.

Known Bugs:

This version of TIDoS is purely developmental and is presently stable. There are bugs in resolving the [99] Back at various end-points which result in blind fall-backs. Though I have added global exception handling, still, there may be bugs out there. Also TIDoS needs to develop more on logging all info displayed on the screen (help needed).

Disclaimer:

TIDoS is provided as an offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilities in web applications which could possibly be exploited maliciously.

THEREFORE, I AM NOT EXCLUSIVELY RESPONSIBLE FOR ANY MISUSE OF THIS TOOLKIT.

Final Words:

This project is presently under active development so you may want to put it on a watch, since it is updated frequently (you can take a look at past commits history). This project is one of the best frameworks I have ever built and I would really like your constructive criticism, suggestions and help in converting this project into the best web penetration testing framework ever built and trust me, it will be ;).

Thank you,

@_tID

