TIDoS-Framework is a python toolkit for comprehensive penetration testing of websites. It is presently suited for reconnaissance purposes.
A list of features TIDoS-Framework has to offer:
- Has capabilities of effective Reconnaissance about a website with just its domain.
- FootPrinting solutions include Reverse-DNS, Reverse-IP LookUp of the website.
- Can detect serious vulnerabilities in websites like clickjackability, zone transfer, SQLi, XSS, etc...
- Can detect if you are being tricked into a honeypot.
- Can check the connectivity strength of your website by flooding it at the UDP level.
- Its written mostly using pre-defined APIs so results are pretty accurate.
- This project modules are still in beta phase. Work is still on, I will update everything once everything gets over...
Use the following command to clone it
git clone https://github.com/the-Infected-Drake/TIDoS-Framework.git
After downloading, navigate to 'TIDoS-Framework' directory
cd TIDoS-Framework
Now install the required dependencies with the setup.py file
python setup.py
Now you are good to go! Run TIDoS with the following command
tidos
You can enter help in TIDoS's target prompt for keyword usages.
Examples :-
- "gsearch" for A Google Search of a dork or a query.
- "nmap" for a comprehensive NMap scan of the website.
- "fl00d" for Checking the connectivity strength of the website by flooding at the UDP Level.
Check out other modules too...
⇒ v1.0.0
- Initial release.
- Contained 5 modules with basic choices.
⇒ v1.1.0
- Fixed 2 major bugs in the code.
- Removed the webex module and added the piweb module.
⇒ v2.0.0
- 13 new modules added.
- Project suited for reconnaissance purposes.
⇒ v2.1.0 (beta)
-
21 new modules added.
-
Complete change of interface for easy interaction with the tool.
-
Tool section divided into 3 sections, Reconnaissance, Scanning, Exploitation.
-
Deep crawlers along with CMS detection, Cloudflare bypass to be added.
-
Fuzzing websites pages with different payloads as well as WAF analysis to be added.
-
New modules including scanning for XSS and SQLi vulnerabilities within websites added.
-
To be released shortly.
Work for a more comprehensive framework for Cross Site Scripting and SQLi exploitation. Pull requests? They are warmly welcome here. Bugs, Errors in Code? Submit a Pull Request or raise up an Issue!
Thanks for your attention.