TIDoS-Framework - The Offensive Web Application Penetration Testing Framework

Recommended:

• Follow the order of the tool (Run in a schematic way).
  Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis

Flawless Features :-

• Reconnaissance + OSINT
  • Passive Reconnaissance:
    • Nping Enumeration Via external APi
    • WhoIS Lookup Domain info gathering
    • GeoIP Lookup Pinpoint physical location
    • DNS Configuration Lookup DNSDump
    • Subdomains Lookup Indexed ones
    • Reverse DNS Lookup Host Instances
    • Reverse IP Lookup Hosts on same server
    • Subnets Enumeration Class Based
    • Domain IP History IP Instances
    • Web Links Gatherer Indexed ones
    • Google Search Manual search
    • Google Dorking (multiple modules) Automated
    • Email to Domain Resolver Email WhoIs
    • Wayback Machine Lookups Find Backups
    • Breached Email Check Pwned Email Accounts
    • Enumeration via Google Groups Emails Only
    • Check Alias Availability Social Networks
    • Find PasteBin Posts Domain Based
    • LinkedIn Gathering Employees & Company
    • Google Plus Gathering Domain Profiles
    • Public Contact Info Scraping FULL CONTACT
    • Censys Intel Gathering Domain Based
    • Threat Intelligence Gathering Bad IPs
  • Active Reconnaissance
    • Ping Enumeration Advanced
    • CMS Detection (185+ CMSs supported) IMPROVED
    • Advanced Traceroute IMPROVED
    • robots.txt and sitemap.xml Checker
    • Grab HTTP Headers Live Capture
    • Find HTTP Methods Allowed via OPTIONS
    • Detect Server Type IMPROVED
    • Examine SSL Certificate Absolute
    • Apache Status Disclosure Checks File Based
    • WebDAV HTTP Enumeration PROFIND & SEARCH
    • PHPInfo File Enumeration via Bruteforce
    • Comments Scraper Regex Based
    • Find Shared DNS Hosts Name Server Based
    • Alternate Sites Discovery User-Agent Based
    • Discover Interesting Files via Bruteforce
      • Common Backdoor Locations shells, etc.
      • Common Backup Locations .bak, .db, etc.
      • Common Password Locations .pgp, .skr, etc.
      • Common Proxy Path Configs. .pac, etc.
      • Multiple Index Paths index, index1, etc.
      • Common Dot Files .htaccess, .apache, etc
      • Common Logfile Locations .log, .changelog, etc
  • Information Disclosure
    • Credit Cards Disclosure If Plaintext
    • Email Harvester IMPROVED
    • Fatal Errors Enumeration Includes Full Path Disclosure
    • Internal IP Disclosure Signature Based
    • Phone Number Havester Signature Based
    • Social Security Number Harvester US Ones
• Scanning & Enumeration
  • Remote Server WAF Enumeration Generic 54 WAFs
  • Port Scanning Ingenious Modules
    • Simple Port Scanner via Socket Connections
    • TCP SYN Scan Highly reliable
    • TCP Connect Scan Highly Reliable
    • XMAS Flag Scan Reliable Only in LANs
    • FIN Flag Scan Reliable Only in LANs
    • Port Service Detector
  • Web Technology Enumeration Absolute
  • Complete SSL Enumeration Absolute
  • Operating System Fingerprinting IMPROVED
  • Banner Grabbing of Services via Open Ports
  • Interactive Scanning with NMap 16 preloaded modules
  • Internet Wide Servers Scan Using CENSYS Database
  • Web and Links Crawlers
    • Depth 1 Indexed Uri Crawler
    • Depth 2 Single Page Crawler
    • Depth 3 Web Link Crawler

• Vulnerability Analysis
  Web-Bugs & Server Misconfigurations
  • Insecure CORS Absolute
  • Same-Site Scripting Sub-domain based
  • Zone Transfer DNS Server based
  • Clickjacking
    • Frame-Busting Checks
    • X-FRAME-OPTIONS Header Checks
  • Security on Cookies
    • HTTPOnly Flag
    • Secure Flag on Cookies
  • Cloudflare Misconfiguration Check
    • DNS Misconfiguration Checks
    • Online Database Lookup For Breaches
  • HTTP Strict Transport Security Usage
    • HTTPS Enabled but no HSTS
  • Domain Based Email Spoofing
    • Missing SPF Records
    • Missing DMARC Records
  • Host Header Injection
    • Port Based Web Socket Based
    • X-Forwarded-For Header Injection
  • Security Headers Analysis Live Capture
  • Cross-Site Tracing HTTP TRACE Method
  • Session Fixation via Cookie Injection
  • Network Security Misconfig.
    • Checks for TELNET Enabled via Port 23
  Serious Web Vulnerabilities
  • File Inclusions
    • Local File Inclusion (LFI) Param based
    • Remote File Inclusion (RFI) IMPROVED
      • Parameter Based
      • Pre-loaded Path Based
  • OS Command Injection Linux & Windows (RCE)
  • Path Traversal (Sensitive Paths)
  • Cross-Site Request Forgery Absolute
  • SQL Injection
    • Error Based Injection
      • Cookie Value Based
      • Referer Value Based
      • User-Agent Value Based
      • Auto-gathering IMPROVED
    • Blind Based Injection Crafted Payloads
      • Cookie Value Based
      • Referer Value Based
      • User-Agent Value Based
      • Auto-gathering IMPROVED
  • LDAP Injection Parameter Based
  • HTML Injection Parameter Based
  • Bash Command Injection ShellShock
  • Apache Struts Shock Apache RCE
  • XPATH Injection Parameter Based
  • Cross-Site Scripting IMPROVED
    • Cookie Value Based
    • Referer Value Based
    • User-Agent Value Based
    • Parameter Value Based Manual
  • Unvalidated URL Forwards Open Redirect
  • PHP Code Injection Windows + Linux RCE
  • CRLF Injection HTTP Response Splitting
    • User-Agent Value Based
    • Parameter value Based Manual
  • Sub-domain Takeover 50+ Services
    • Single Sub-domain Manual
    • All Subdomains Automated
  Other
  • PlainText Protocol Default Credential Bruteforce
    • FTP Protocol Bruteforce
    • SSH Protocol Bruteforce
    • POP 2/3 Protocol Bruteforce
    • SQL Protocol Bruteforce
    • XMPP Protocol Bruteforce
    • SMTP Protocol Bruteforce
    • TELNET Protocol Bruteforce

• Auxillary Modules
  • Hash Generator MD5, SHA1, SHA256, SHA512
  • String & Payload Encoder 7 Categories
  • Forensic Image Analysis Metadata Extraction
  • Web HoneyPot Probability ShodanLabs HoneyScore
• Exploitation purely developmental
• ShellShock