TIDoS – The Offensive Web Application Penetration Testing Framework



[*]A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
[*]Has 5 main phases, subdivided into 14 sub-phases consisting a total of 108 modules.
[*]Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
[*]Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc)
[*]Vulnerability Analysis Phase has 37 modules (including most common vulnerabilites in action).
[*]Exploits Castle has only 1 exploit. (purely developmental)
[*]And finally, Auxillaries have got 4 modules. more under development
[*]All four phases each have a Auto-Awesome module which automates every module for you.
[*]You just need the domain, and leave everything is to this tool.
[*]TIDoS has full verbose out support, so you’ll know whats going on.
[*]Fully user friendly interaction environment. (no shits)


git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework
chmod +x install./install

Getting Started:
TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.

So to get started, you need to set your own API KEYS for various OSINT & Scanning and Enumeration purposes. To do so, open up API_KEYS.py under files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS. Public API KEYS and ACCESS TOKENS for SHODAN and WHATCMS have been provided with the TIDoS release itself. You can still add your own… no harm!

Finally, as the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. Thats it! Its as easy as that.

Download: https://github.com/0xInfection/TIDoS-Framework

Please follow and like us: