Here is some light on what the framework is all about:
Presently, for installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway.
Thats it! Now you are good to go! Now lets run the tool:
Manual Installation (Locally):
TIDoS needs some libraries to run, which can be installed via
yum Package Managers.
Now after these dependencies are finished installing, we need to install the remaining Python Package dependencies, hence run:
Thats it. You now have TIDoS at your service. Fire it up using:
You can build it from Dockerfile:
To run TIDoS:
TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.
So to get started, you need to set your own
API KEYS for various OSINT & Scanning and Enumeration purposes. To do so, open up
files/ directory and set your own keys and access tokens for
The latest release of TIDoS includes all API KEYS and ACCESS TOKENS for
WHATCMS by default. I found these tokens on various repositories on GitHub itself. You can now use all the modules which use the API KEYS. 🙂
Finally, as the framework opens up, enter the website name
eg. http://www.example.com and let TIDoS lead you. Thats it! Its as easy as that.
To update this tool, use
tidos_updater.py module under
TIDoS Framework presently supports the following:
and more modules are under active development
Reconnaissance + OSINT
Scanning & Enumeration
Vulnerability AnalysisWeb-Bugs & Server Misconfigurations
Serious Web Vulnerabilities
TIDoS In Action:
Lets see some screenshots of TIDoS in real world pentesting action:
These are some modules which I have thought of adding:
TIDoS is provided as a offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilties in web applications which could possibly be exploited maliciously.
THEREFORE, THE AUTHOR AND NEITHER THE CONTRIBUTORS ARE NOT EXCLUSIVELY RESPONSIBLE FOR ANY MISUSE OR DAMAGE DUE TO THIS TOOLKIT.
This project is a very fresh and new project which just simply springed off my mind, and is presently under active development so you may want to put it on a watch, since it is updated frequently.
TIDoS is an in progress work far from perfection and I admit that there may be bugs out there which may cause many modules not to work properly and just bug out. However, being the only single author and maintainer behind this framework, it is my humble request to all users of this framework to hand me the list of modules via raising a new issuewhich simply do not work and bug out, and I would be more than happy to fix them as we jointly make our journey to realising TIDoS as the greatest web penetration testing framework ever built.
Please avoid doing any pull requests temporarily as work for v2 of this framework is already underway and in active development.
This content was originally published here.