The TIDoS Framework
The Offensive Web Application Penetration Testing Framework.
Highlights :-
Here is some light on what the framework is all about:
Installation :-
Global Installation:
NOTE:
Presently, for installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway.
- Clone the repository locally and navigate there:
git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework
- Install the dependencies:
chmod +x install
./install
That's it! Now you are good to go! Now let's run the tool:
tidos
Manual Installation (Locally) :
TIDoS needs some libraries to run, which can be installed via aptitude or yum package managers.
sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python-pip python-xmpp
Now after these dependencies are finished installing, we need to install the remaining Python Package dependencies, hence run:
pip2 install -r requirements.txt
That's it. You now have TIDoS at your service. Fire it up using:
python2 tidos.py
Docker image :
You can build it from Dockerfile :
git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework/docker
docker build -t tidos .
To run TIDoS :
docker run --interactive --tty --rm tidos bash
tidos
Getting Started :-
TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.
So to get started, you need to set your own API KEYS for various OSINT & Scanning and Enumeration purposes. To do so, open up API_KEYS.py under the files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.
GOOD NEWS:
The latest release of TIDoS includes all API KEYS and ACCESS TOKENS for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS by default. I found these tokens on various repositories on GitHub itself. You can now use all the modules which use the API KEYS. 🙂
Finally, as the framework opens up, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it! It's as easy as that.
Recommended:
- Follow the order of the tool (Run in a schematic way).
Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis
To update this tool, use the tidos_updater.py module under the tools/ folder.
Flawless Features :-
TIDoS Framework presently supports the following (more modules are under active development):
- Reconnaissance + OSINT
  - Passive Reconnaissance:
    - Nping Enumeration (Via external API)
    - WhoIS Lookup (Domain info gathering)
    - GeoIP Lookup (Pinpoint physical location)
    - DNS Configuration Lookup (DNSDump)
    - Subdomains Lookup (Indexed ones)
    - Reverse DNS Lookup (Host Instances)
    - Reverse IP Lookup (Hosts on same server)
    - Subnets Enumeration (Class Based)
    - Domain IP History (IP Instances)
    - Web Links Gatherer (Indexed ones)
    - Google Search (Manual search)
    - Google Dorking (multiple modules) (Automated)
    - Email to Domain Resolver (Email WhoIs)
    - Wayback Machine Lookups (Find Backups)
    - Breached Email Check (Pwned Email Accounts)
    - Enumeration via Google Groups (Emails Only)
    - Check Alias Availability (Social Networks)
    - Find PasteBin Posts (Domain Based)
    - LinkedIn Gathering (Employees & Company)
    - Google Plus Gathering (Domain Profiles)
    - Public Contact Info Scraping (FULL CONTACT)
    - Censys Intel Gathering (Domain Based)
    - Threat Intelligence Gathering (Bad IPs)
  - Active Reconnaissance:
    - Ping Enumeration (Advanced)
    - CMS Detection (185+ CMSs supported) (IMPROVED)
    - Advanced Traceroute (IMPROVED)
    - robots.txt and sitemap.xml Checker
    - Grab HTTP Headers (Live Capture)
    - Find HTTP Methods Allowed (via OPTIONS)
    - Detect Server Type (IMPROVED)
    - Examine SSL Certificate (Absolute)
    - Apache Status Disclosure Checks (File Based)
    - WebDAV HTTP Enumeration (PROPFIND & SEARCH)
    - PHPInfo File Enumeration (via Bruteforce)
    - Comments Scraper (Regex Based)
    - Find Shared DNS Hosts (Name Server Based)
    - Alternate Sites Discovery (User-Agent Based)
    - Discover Interesting Files (via Bruteforce)
      - Common Backdoor Locations (shells, etc.)
      - Common Backup Locations (.bak, .db, etc.)
      - Common Password Locations (.pgp, .skr, etc.)
      - Common Proxy Path Configs (.pac, etc.)
      - Multiple Index Paths (index, index1, etc.)
      - Common Dot Files (.htaccess, .apache, etc.)
      - Common Logfile Locations (.log, .changelog, etc.)
  - Information Disclosure:
    - Credit Cards Disclosure (If Plaintext)
    - Email Harvester (IMPROVED)
    - Fatal Errors Enumeration (Includes Full Path Disclosure)
    - Internal IP Disclosure (Signature Based)
    - Phone Number Harvester (Signature Based)
    - Social Security Number Harvester (US Ones)
- Scanning & Enumeration
  - Remote Server WAF Enumeration (Generic, 54 WAFs)
  - Port Scanning (Ingenious Modules)
    - Simple Port Scanner (via Socket Connections)
    - TCP SYN Scan (Highly Reliable)
    - TCP Connect Scan (Highly Reliable)
    - XMAS Flag Scan (Reliable Only in LANs)
    - FIN Flag Scan (Reliable Only in LANs)
    - Port Service Detector
  - Web Technology Enumeration (Absolute)
  - Complete SSL Enumeration (Absolute)
  - Operating System Fingerprinting (IMPROVED)
  - Banner Grabbing of Services (via Open Ports)
  - Interactive Scanning with NMap (16 preloaded modules)
  - Internet Wide Servers Scan (Using CENSYS Database)
  - Web and Links Crawlers
    - Depth 1 (Indexed Uri Crawler)
    - Depth 2 (Single Page Crawler)
    - Depth 3 (Web Link Crawler)
- Auxiliary Modules
  - Hash Generator (MD5, SHA1, SHA256, SHA512)
  - String & Payload Encoder (7 Categories)
  - Forensic Image Analysis (Metadata Extraction)
  - Web HoneyPot Probability (ShodanLabs HoneyScore)
- Exploitation (purely developmental)
Other Tools:
- net_info.py – Displays information about your network. Located under tools/.
- tidos_updater.py – Updates the framework to the latest release via signature matching. Located under tools/.
TIDoS In Action:
Let's see some screenshots of TIDoS in real world pentesting action:
Version:
v1.7 [latest release] [#stable]
Upcoming:
These are some modules which I have thought of adding:
- Some more of Enumeration & Information Disclosure modules.
- Lots more of OSINT & Stuff (let that be a suspense).
- More of Auxiliary Modules.
- Some Exploits are being worked on too.
Ongoing:
- Working on a full-featured Web UI implementation on Flask and MongoDB and Node.js.
- Working on a new framework, a real framework (to be released with v2).
- Working on a campaign feature + addition of arguments.
- Normal bug fixing stuff (as per the issues being raised).
- Some other perks:
  - Working on a way for contributing new modules easily.
  - A complete new method of multi-threaded fuzzing of parameters.
  - Keeping better of new console stuff.
Disclaimer:
TIDoS is provided as an offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilities in web applications which could possibly be exploited maliciously.
THEREFORE, NEITHER THE AUTHOR NOR THE CONTRIBUTORS ARE EXCLUSIVELY RESPONSIBLE FOR ANY MISUSE OR DAMAGE DUE TO THIS TOOLKIT.