TIDoS – Open Source Reconnaissance and Web Application Audit Framework

TIDoS framework is a python based toolkit that performs a comprehensive audit of the web applications. The toolkit is packed with a number of modules with specific objectives, such as reconnaissance, open source intelligence, scanning + enumeration, and vulnerabilities analysis.

TIDoS framework can perform both types of reconnaissance i-e active and passive reconnaissance. In passive reconnaissance, the toolkit can perform different lookups like reverse ip, dns configuration, subdomains, geoip, and Whois lookup. Apart from this, the tool can gather useful information about the target from the available social media profiles. In the active reconnaissance, TIDoS framework can do ping enumeration, cms detection, and discovering interesting files via bruteforcing.

The toolkit performs security analysis of web applications for different vulnerabilities like SQL injection, LDAP injections, HTML injections, XPATH injections, CRLF injections, Cross Site Scripting, sub-domain takeovers, and PHP injections.  Similarly, TIDoS framework can bruteforce the credentials of the plain text protocols like FTP, TELNET, SMTP,XMPP, and SQL protocol.

TIDoS Framework Installation

The framework can be installed by cloning the TIDoS repository as follows.

git clone https://github.com/theinfecteddrake/tidos-framework.git

The dependencies can be installed with the following commands.

cd tidos-frameworkchmod +x install./install

The above commands install all the dependencies required to run the framework.

How TIDoS Works

After successful installation of TIDoS, the framework can be set into action by simply typing its name in the  terminal.

tidos

Once the tool is loaded, simply type the target web url in the terminal. The TIDoS framework confirms the website address and provides available options to start the scanning or auditing of the target website. Each option is loaded with a number of modules that perform special tasks. For instance, the available ‘Reconnaissance & OSINT’ option has 48 modules to perform active reconnaissance, passive reconnaissance, and information disclosure tasks. Scanning and Enumeration option is loaded with 15 modules that perform port scanning and tasks like Web Applications Firewall analysis. Similarly, the vulnerability analysis option has 36 modules to find out the vulnerabilities in the target web applications.

By selecting one of the available options loads all the associated modules to further refine the scanning objective. For instance, if we select the ‘Reconnaissance & OSINT’ option, the framework loads all the modules associated with the ‘Reconnaissance’ phase, such as DNS configuration lookup, Subdomains lookup, Ping enumeration, CMS detection etc. Similarly, if we opt for vulnerability analysis of the target host, we get list of modules to try as shown in the following screenshot. The framework produces results based on the selected modules.

 

What Bunny rating does it get?

TIDoS can be termed as all-inclusive framework as it provides collective penetration testing features. Instead of installing multiple tools for different penetration testing purposes, the tasks can be accomplished by installing only TIDoS framework, as a result we will be awarding this tool a rating of 3.5 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers