Web Application Penetration Testing consist of many stages, but the Footprinting/Reconnaissance stage is considered a process of getting deep information about a target.
Here we have TIDOS Framework, a comprehensive web application audit tool, developed in python which helps both penetration tester and ethical hackers to gather informations with best modules such as open source intelligence, scanning + enumeration, and vulnerabilities analysis.
Apart from the passive and active recons, it can also perform some security analysis of web applications for different vulnerabilities such as SQL Injections,XXS, PHP Injections, HTML Injections.
And similarly it can bruteforce plain text protocols credentials like TELNET,FTP,XMPP,SMTP and SQL protocols.
- Clone “git clone https://github.com/theInfectedDrake/TIDoS-Framework.git” or Download the TiDoS tool here
After the installation,
- Open up the TiDoS directory with the command: cd tidos-framework
- run this command: ./install
- execute the command: python setup.py
Now agree with the terms and conditions with “Y” or Yes
TiDoS is a very easy to use tool,
- just execute the command: tidos.
- Execute the command: geoip
Now when the script loads type in the website URL that you want to lookup
- Run the command: piweb
And enter the URL of the website you wanna ping
Reverse IP Lookup
- Run the command: revip
Reverse DNS Lookup
- Run the command:revdns
- Execute the command:subnet
Nmap Port Scan
- Run the command: nmap
Grabbing HTTP Headers
- Execute the command: grabhead
- Execute the command: gsearch
Sub Domain Scan
- Execute the command: subdom
- Execute the command: fl00d
- Execute the command: pglink
As we all know that Reconnaissance is the key to Penetration or Bug Hunting… Because it helps us understand the web app for easy vulnerability detection 😎 So guys I wish you an easy recon…
Happy Bug Hunting, Happy Pentesting, Happy Hacking