TIDoS-Framework – Offensive Web Application Penetration Testing Framework
If you work as a penetration tester, you have probably used the Metasploit Framework for attacks and information gathering. TIDoS Framework is quite similar to Metasploit: it is an open-source toolkit that is free to use. It covers the major web application tests, such as scanning of the target, enumeration, and vulnerability assessment and analysis. The toolkit has five main phases, subdivided into 14 sub-phases, consisting of a total of 108 modules. The Reconnaissance phase has 50 modules of its own (including active and passive recon and information disclosure modules). You just need to provide the target domain and leave everything else to the tool. TIDoS has full verbose output support, so you'll know what's going on.
Note: Make sure you have Python installed on your system, as this is a Python-based tool. For the installation process, see: Python Installation Steps on Linux
Features of TIDoS-Framework
- TIDoS-Framework toolkit is fully scripted in the Python language.
- TIDoS-Framework toolkit has a console interface similar to Metasploit's.
- TIDoS-Framework toolkit supports non-default HTTP(S) ports.
- TIDoS-Framework toolkit uses multiprocessing to speed up attacks.
- TIDoS-Framework toolkit supports attacking through Tor.
- TIDoS-Framework toolkit has a considerable performance boost through multiprocessing.
How TIDoS Works?
TIDoS-Framework is a collection of various modules, which we will discuss below in the article. Each module has its own meaning and functionality. Running the following command in the terminal executes the TIDoS-Framework script, enabling all the modules.
After running the script, the first thing to do is to set the target domain host, list the available modules, and select the module that will assist you in the testing process. After choosing the module, select the relevant option and start the process. After a while, the tool collects the information automatically and displays it in the terminal.
Reconnaissance and Open Source Intelligence
Reconnaissance is the initial step in the process of penetration testing. All the information related to the target domain or person is collected in this phase. Open Source Intelligence (OSINT) refers to data collected from publicly available sources such as LinkedIn, Facebook, GitHub, etc. All these sources are publicly available and hold a lot of information. TIDoS can run all these scanning options automatically, or you can scan manually by selecting the desired option. Similarly, the active reconnaissance option covers all the scanning techniques that require interaction with the target web application, like pinging the target web server. Information Disclosure modules check the target application for sensitive data like email addresses, mobile numbers, credit card details, etc.
Scanning and Enumeration
Scanning and Enumeration is the process of directly or indirectly interacting with the target host to obtain more relevant information like port details, banner grabbing (OS information), server details, firewall information, etc. The TIDoS tool can ping the target to get information such as hosting details, the encryption technique, etc. Scanning can be of various types, like port scanning, network scanning, vulnerability scanning, etc.
A vulnerability in a web application is a security flaw that reveals sensitive data or can have some dangerous impact on the organization or the institution. Such vulnerabilities should be detected and handled with all the appropriate procedures and methodologies. Vulnerabilities are classified into various types on the basis of their severity. The TIDoS tool has modules to check the target domain against various vulnerabilities like ClickJacking, XSS, SQL Injection, Cookie Injection, and some other vulnerabilities. For example, if we want to test the application for an XSS vulnerability, the TIDoS tool sends some malicious payloads to the target URL consisting of parameters. If the server responds to those payloads, there may be vulnerabilities on the target domain.
Active VS Passive Recon
Active Recon: Active reconnaissance is when there is direct interaction with the target network host to collect information. Because there is direct communication, logs or records are created on the target system, which can put the hacker or attacker in danger, as these can reveal the hacker's identity.
Passive Recon: Passive reconnaissance is the process where there is no interaction with the target while collecting information, so no logs or traces are created on the target system. Information like DNS records, WHOIS records, reverse IP data, etc., is collected in this phase. No requests are made to the target domain while collecting the information, so the chances of the hacker being detected are lower in this phase. Most of the data is assembled from OSINT sources, which are publicly available on various platforms.
Installation of TIDoS-Framework Tool on Kali Linux OS
Step 1: Check whether the Python environment is set up, using the following command.
Step 2: Open up your Kali Linux terminal and move to the Desktop using the following command.
Step 3: You are on the Desktop now. Create a new directory called Tidos using the following command. In this directory, we will complete the installation of the Tidos tool.
Step 4: Now switch to the Tidos directory using the following command.
Step 5: Now you have to install the tool. You have to clone the tool from GitHub.
sudo git clone https://github.com/0xinfection/tidos-framework.git
Step 6: The tool has been downloaded successfully into the Tidos directory. Now list the contents of the tool using the below command.
Step 7: You can observe that a new directory for the Tidos tool was created while we were installing the tool. Now move to that directory using the below command:
Step 8: Once again, to list the contents of the tool, use the below command.
Step 9: Download the packages required by the Tidos tool using the following command.
pip3 install -r requirements.txt
Step 10: Run the tidconsole.py script to open the menu of the Tidos tool, using the following command.
Type help to get the list of available modules and their usage.
Working with TIDoS-Framework in Kali Linux
Setting Up Target Domain
1. First of all, we need to set up our target domain in the toolkit. vicadd is the command to add the target domain URL for usage.
2. In the below screenshot, we have added our target domain URL as geeksforgeeks.org. After setting up our target, we can use the various modules offered by the toolkit.
Display List of Available Modules
1. In the below screenshot, we are listing the available modules offered by the TIDoS-Framework toolkit. The list command is used to list the modules.
Selecting OSINT-passive module
In the below screenshot, we have selected the osint-passive module for our usage.
Example 1: GeoIP Location
1. In this example, we are retrieving the GeoIP location of our target domain geeksforgeeks.org. We have loaded the GeoIP Location option using the load command. After loading the option, we need to start the scan using the attack command.
Example 2: Information Gathering with Google
1. In this example, we are collecting information about our target geeksforgeeks.org from Google. We have loaded the Googledorker option and started the scan.
2. In the below screenshot, the results of information gathering with Google are displayed. We have got various links that are associated with the geeksforgeeks.org domain.
Example 3: Page Links
1. In this example, we are extracting page links for the target geeksforgeeks.org. We have loaded the links option and started the scan using the attack command.
2. In the below screenshot, we have got the links extracted from the geeksforgeeks.org target domain, which consist of parameters. These links can be tested for various vulnerabilities like XSS, Open Redirection, etc.
Example 4: Web Archive
1. In this example, we are fetching the archive links from the years 2019-2020. These links can be helpful for understanding the past technologies and the methodology used in the development of the website. If anything sensitive that was present in those years has not been hidden, there can be chances of vulnerabilities.
2. In the below screenshot, we have got the archive links from 2019-2020 for our target domain geeksforgeeks.org.
Example 5: Grabbing HTTP Headers
1. In this example, we are grabbing the HTTP headers of our target geeksforgeeks.org. We have got information about the Server, Content-Type, Vary, etc.
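The headers a recon module grabs are the same ones a site owner should review on their own responses. As an added example (not from the original article or from TIDoS), the code below parses a raw response head and reports version disclosure in Server or X-Powered-By and a missing framing restriction, the defence against ClickJacking. The two sample responses and all function names are constructed.

```python
import re

VERSION_RE = re.compile(r"\d+(\.\d+)+")  # e.g. "2.4.41" inside a banner

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_protected(headers):
    """True if the response restricts which origins may frame the page."""
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return True
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            # A bare "*" source allows any origin, so it is not a restriction.
            if parts and parts[0].lower() == "frame-ancestors" and "*" not in parts[1:]:
                return True
    return False

def audit(raw):
    """Return a list of findings for one response head."""
    headers = parse_headers(raw)
    findings = []
    for name in ("server", "x-powered-by"):
        for value in headers.get(name, []):
            if VERSION_RE.search(value):
                findings.append(f"{name} discloses a version: {value}")
    if not frame_protected(headers):
        findings.append("no X-Frame-Options or CSP frame-ancestors restriction")
    return findings

# Constructed sample responses: a default-looking setup and a hardened one.
WEAK = """HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
"""
HARDENED = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
"""
```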
Example 6: Ping Check
1. In this example, we are checking the availability of the host by sending ICMP packets and waiting for a response.
Example 7: Nmap Port Scan
In this example, we are performing an Nmap scan to get information about the open ports and some more registered information. In the below screenshot, you can see that we have got the port details for our target geeksforgeeks.org.
TIDoS-Framework is a complete bundle or suite for various phases. The examples mentioned in this article are just a trailer of the toolkit. You can try the various modules associated with the toolkit and gather more information about your target domain.