TiDoS Framework – Web Application Penetration Testing Toolkit For Reconnaissance

Web Application Penetration Testing consist of many stages, but the Footprinting/Reconnaissance stage is considered a process of getting deep information about a target.

Here we have TIDOS Framework, a comprehensive web application audit tool, developed in python which helps both penetration tester and ethical hackers to gather informations with best modules such as open source intelligence, scanning + enumeration, and vulnerabilities analysis.

Apart from the passive and active recons, it can also perform some security analysis of web applications for different vulnerabilities such as SQL Injections,XXS, PHP Injections, HTML Injections.

And similarly it can bruteforce plain text protocols credentials like TELNET,FTP,XMPP,SMTP and SQL protocols.

TiDoS Installation

  • Clone “git clone https://github.com/theInfectedDrake/TIDoS-Framework.git” or Download the TiDoS tool here

After the installation,

  • Open up the TiDoS directory with the command: cd tidos-framework
  • run this command: ./install
  • execute the command: python setup.py

Now agree with the terms and conditions with “Y” or Yes

TiDoS is a very easy to use tool,

  • just execute the command: tidos.

Geolocation Lookupgeoip_lookup

  • Execute the command: geoip
    Now when the script loads type in the website URL that you want to lookup

Ping Check


  • Run the command: piweb
    And enter the URL of the website you wanna ping

Reverse IP Lookup


  • Run the command: revip

Reverse DNS Lookup


  • Run the command:revdns

Subnet Range


  • Execute the command:subnet

Nmap Port Scan


  • Run the command: nmap

Grabbing HTTP Headershttp-headers

  • Execute the command: grabhead

Google Searchgoogle-search

  • Execute the command: gsearch

Sub Domain Scansubdomain-recon

  • Execute the command: subdom


  • Execute the command: fl00d


  • Execute the command: pglink

As we all know that Reconnaissance is the key to Penetration or Bug Hunting… Because it helps us understand the web app for easy vulnerability detection 😎 So guys I wish you an easy recon…

Happy Bug Hunting, Happy Pentesting, Happy Hacking