TIDoS
The offensive manual web application penetration testing framework.
Here is some light on what the framework is all about:
- A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
- Has 5 main phases, subdivided into 14 sub-phases consisting a total of 108 modules.
- Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
- Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc)
- Vulnerability Analysis Phase has 37 modules (including most common vulnerabilities in action).
- Exploits Castle has only 1 exploit. (purely developmental)
- And finally, Auxiliaries have got 4 modules. more under development
- All four phases each have an Auto-Awesome module which automates every module for you.
- huge performance boost through multiprocessing
- Piping Attacks through Tor (not implemented everywhere yet)
- You just need the domain, and leave everything is to this tool.
- TIDoS has full verbose out support, so you'll know whats going on.
- Attacking now even easier with a new GUI
Main new features:
- The programming language: TIDoS is fully ported to Python3
- The interface: TIDoS presents a new, Metasploit-like console interface
- Parallelisation: TIDoS uses multiprocessing to speed up attacks
- An alternative CLI interface for faster interaction with one specific module
- Anonymity: Attacking through Tor is possible (95% done)
- Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
- Some new modules: arpscan
- A Graphical User Interface for easier interaction with the toolkit
- Supports non-default http(s) ports