A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
Here is some light on what the framework is all about:
- A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
- Has 5 main phases, subdivided into 14 sub-phases consisting a total of 108 modules.
- Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
- Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc)
- Vulnerability Analysis Phase has 37 modules (including most common vulnerabilities in action).
- Exploits Castle has only 1 exploit.
(purely developmental)
- And finally, Auxiliaries have got 4 modules.
more under development
- All four phases each have an
Auto-Awesome
module which automates every module for you. - huge performance boost through multiprocessing
- Piping Attacks through Tor (not implemented everywhere yet)
- You just need the domain, and leave everything is to this tool.
- TIDoS has full verbose out support, so you’ll know whats going on.
- Attacking now even easier with a new GUI
Main new features
- the programming language: TIDoS is fully ported to Python3
- the interface: TIDoS presents a new, Metasploit-like console interface
- Parallelisation: TIDoS uses multiprocessing to speed up attacks
- An alternative CLI interface for faster interaction with one specific module
- Anonymity: Attacking through Tor is possible (95% done)
- Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
- Some new modules: arpscan
- A Graphical User Interface for easier interaction with the toolkit
- Supports non-default http(s) ports
Upcoming
- results of modules will be stored in a database
- new modules: nikto&photon
Installation
Installation Script (Globally)
To install the framework globally in /opt, run the provided core/install.py
script as root. After this, you can launch TIDoS simply by typing tidos
on the command line.
Manual Installation (Locally)
- Clone the repository locally and navigate there:
git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework
TIDoS needs some libraries to run, which can be installed via aptitude
or dnf
Package Managers.
sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python3-pip libmariadbclient18 libmysqlclient-dev tor konsole
Now after these dependencies are finished installing, we need to install the remaining Python Package dependencies, hence run:
pip3 install -r requirements.txt
TIDoS uses Vailyn to scan for path traversals in a new, improved path traversal module. If you want to use that module, head to https://github.com/VainlyStrain/Vailyn, and follow the installation instructions there.
Thats it. You now have TIDoS at your service. Fire it up using:
python3 tidv2 #Qt5 interface
sudo python3 tidconsole.py #console interface
Docker image
You can build it from Dockerfile:
git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework/core/docker
docker build -t tidos .
To run TIDoS:
docker run --interactive --tty --rm tidos bash
tidos
Update: TIDoS is now available on Docker Hub. Install and run the container like this:
docker run -it vainlystrain/tidos-framework
Updating TIDoS
To get the current version of TIDoS, move into the installation folder and perform (sudo) git pull #sudo if installed by install.py
. Alternatively, you can run the fetch
command in tidconsole.
Getting Started
To get started, you need to set your own API KEYS
for various OSINT & Scanning and Enumeration purposes. To do so, open up API_KEYS.py
under files/
directory and set your own keys and access tokens for SHODAN
, CENSYS
, FULL CONTACT
, GOOGLE
and WHATCMS
.
Commands:
__ __
! attack Attack specified target(s) M
: clear Clear terminal. :
V creds Handle target credentials.
: fetch Check for and install updates. :
: find Search a module. :
help Show help message. :
info Show description of current module. M
: intro Display Intro. :
: leave Leave module. M
list List all modules of a category. :
: load Load module. :
: netinfo Show network information. :
: opts Show options of current module. M
phpsploit Load the phpsploit framework. :
(needs to be downloaded externally)
: processes Set number of processes in parallelis. :
q Terminate TIDoS session. :
: sessions Interact with cached sessions. :
: set Set option value of module. M
: tor Pipe Attacks through the Tor Network. :
vicadd Add Target to list. :
vicdel Delete Target from list. :
viclist List all targets. :
Avail. Cmds
M needs loaded modvle
V [! potentially] need loaded target(s)
TIDoS-Framework (this link opens in a new window) by 0xInfection (this link opens in a new window)
The Offensive Manual Web Application Penetration Testing Framework.