Working with TIDos-Framework in Kali Linux
Setting Up Target Domain
1. First of all, We need to set up our target domain in the toolkit. (vicadd) is the command to add the target domain URL for usage.
2. In the below Screenshot, We have added our target domain URL as w3wiki.org. After setting up our target we can use various modules offered by the toolkit.
Display List of Available Modules
1. In the below Screenshot, We are listing the available modules offered by the TIDoS-Framework toolkit. List command is used to list the modules.
Selecting OSINT-passive module
In the below Screenshot, We have selected the osint-passive module for our usage.
Example 1: GeoIP Location
1. In this Example, We are retrieving the GeoIP Location about our target domain w3wiki.org. We have loaded the GeoIP Location option using the (load) command. After loading the option we need to start the scan using the attack command.
Example 2: Information Gathering with Google
1. In this Example. We are collecting the information about our target w3wiki.org from Google. We have loaded the Googledorker option and started the scan.
2. In the below Screenshot, Results of Information Gathering with Google are displayed. We have got various links that are associated with the w3wiki.org domain.
Example 3: Page Links
1. In this Example, We are extracting Page links about the target w3wiki.org. We have loaded the option links and started the scan using the attack command
2. In the below Screenshot, We have got the links extracted from the w3wiki.org target domain which consists of parameters. These links can be tested for various vulnerabilities like XSS, Open Redirection, etc.
Example 4: Web Archive
1. In this Example, We are fetching the Archive Links from the Year 2019-2020. This Links can be helpful for understanding the past technologies and the methodology used in the development of the website. If any sensitive thing which was present in this years is not hidden then there can be chances of vulnerabilities.
2. In the below Screenshot, We have got the archive links from 2019-2020 for our target domain w3wiki.org.
Example 5: Grabbing HTTP Headers
1. In this Example, We are grabbing the HTTP Headers of our target w3wiki.org. We have got the information about the Server, Content-Type, Vary, etc.
Example 6: Ping Check
1, In this Example, We are checking the availability of the host, by sending the ICMP packets are waiting for a response.
Example 7: Nmap Port Scan
In this Example, We are performing the Nmap Scan to get the information about the open ports and some more Registered Information. In the below Screenshot, You can see that we have got the port details for our target w3wiki.org
TIDoS-Framework is c complete bundle or suite for various phases. The Examples mentioned in this article are just a trailer of the Toolkit. You can use or try the various modules associated with the toolkit and gather more information about your target domain.
TIDoS-Framework – Offensive Web Application Penetration Testing Framework
Being a penetration tester, you must have worked with Metasploit Framework for different attacks and information gathering. TIDoS Framework is quite similar to Metasploit Framework; Tidos Framework is an open-source toolkit that is free to use. This toolkit provides all major web application tests like Scanning of Target, Enumeration process, and Vulnerability Assessment and Analysis. This toolkit has five main phases, subdivided into 14 sub-phases consisting of a total of 108 modules. Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules). You just need to provide the target domain and leave everything is to this tool. TIDoS toolkit has full verbose out support, so you’ll know what’s going on.
Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux