Cybersecurity

TIDoS: The Offensive Web Application Penetration Testing Framework

The Offensive Manual Web Application Penetration Testing Framework.

Hazem Abbas

Hazem Abbas

3 min read
TIDoS: The Offensive Web Application Penetration Testing Framework
Photo by Ilya Pavlov / Unsplash

The Offensive Manual Web Application Penetration Testing Framework is a comprehensive and versatile tool that covers everything from Reconnaissance to Vulnerability Analysis. It consists of 5 main phases, which are further divided into 14 sub-phases and a total of 108 modules.

The Reconnaissance Phase alone includes 50 modules dedicated to active and passive recon, as well as information disclosure. The Scanning & Enumeration Phase incorporates 16 modules, including port scans and WAF analysis. The Vulnerability Analysis Phase comprises 37 modules that address the most common vulnerabilities. Currently, the Exploits Castle only houses 1 exploit, but it is still in development. Additionally, the Auxiliaries section offers 4 modules, with more under development.

Each of the four phases features an Auto-Awesome module that automates every module for you, providing a significant performance boost through multiprocessing. Furthermore, the framework supports piping attacks through Tor, although this feature is not implemented everywhere yet.

One of the key benefits of using the Offensive Manual Web Application Penetration Testing Framework is its simplicity. All you need is the domain, and this tool will take care of everything else. With full verbose out support, you'll always know what's going on during the attack process.

In terms of new features, the latest version of the framework introduces several enhancements. It has been fully ported to Python3, offering improved programming language compatibility. The interface has also been revamped, now resembling a Metasploit-like console interface for ease of use. The introduction of multiprocessing enables parallelisation, resulting in faster and more efficient attacks. Additionally, there is now an alternative CLI interface for quicker interaction with specific modules.

Anonymity

Anonymity is a crucial aspect of penetration testing, and the Offensive Manual Web Application Penetration Testing Framework allows attacking through Tor, ensuring a higher level of privacy and security. While this feature is still undergoing development, it is already 95% complete.

Some modules within the framework have been enhanced and feature-extended. For example, additional evasion techniques have been included, and support for more than one query parameter has been added. Furthermore, new modules like arpscan have been introduced to expand the toolkit's capabilities.

Rich GUI

To enhance user experience, a Graphical User Interface (GUI) has been developed, providing a more user-friendly and intuitive way to interact with the toolkit. This GUI simplifies the process of configuring and executing tests.

HTTP/s Ports

Finally, it is worth mentioning that the framework supports non-default http(s) ports, allowing for more flexibility and compatibility.

Looking ahead, there are exciting plans for future updates to the Offensive Manual Web Application Penetration Testing Framework. The results of modules will soon be stored in a database, enabling easier access and analysis. Additionally, new modules like nikto and photon are currently being developed, which will further enhance the toolkit's functionality and versatility.

Features

  • A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
  • Has 5 main phases, subdivided into 14 sub-phases consisting a total of 108 modules.
  • Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
  • Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc)
  • Vulnerability Analysis Phase has 37 modules (including most common vulnerabilities in action).
  • Exploits Castle has only 1 exploit. (purely developmental)
  • And finally, Auxiliaries have got 4 modules. more under development
  • All four phases each have an Auto-Awesome module which automates every module for you.
  • huge performance boost through multiprocessing
  • Piping Attacks through Tor (not implemented everywhere yet)
  • You just need the domain, and leave everything is to this tool.
  • TIDoS has full verbose out support, so you'll know whats going on.
  • Attacking now even easier with a new GUI
  • the programming language: TIDoS is fully ported to Python3
  • the interface: TIDoS presents a new, Metasploit-like console interface
  • Parallelisation: TIDoS uses multiprocessing to speed up attacks
  • An alternative CLI interface for faster interaction with one specific module
  • Anonymity: Attacking through Tor is possible (95% done)
  • Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
  • Some new modules: arpscan
  • A Graphical User Interface for easier interaction with the toolkit
  • Supports non-default http(s) ports

Tech

  • Python

License

  • GPL-3.0 License

Resources

GitHub - 0xInfection/TIDoS-Framework: The Offensive Manual Web Application Penetration Testing Framework.
The Offensive Manual Web Application Penetration Testing Framework. - GitHub - 0xInfection/TIDoS-Framework: The Offensive Manual Web Application Penetration Testing Framework.
GitHub0xInfection


BLUESPAWN: Shield Your Windows Network with Active Defense and Rapid Malware Elimination!

BLUESPAWN is an active defense, endpoint detection, and response tool designed for quick detection, identification, and elimination of malicious activity and malware across a network. The tool encourages user participation and contribution; suggestions for new features, bug reports, and development assistance are welcomed through their Discord server. The creation and


Enhancing macOS Security with macOS-Fortress

If you have ever been concerned about the security of your MacOS device, you will be pleased to learn about macOS-Fortress. This powerful tool is a combination of firewall, blackhole, and privatizing proxy for trackers, attackers, malware, adware and spammers. It provides kernel-level, OS-level, and client-level security, making your MacOS


Exploring TheFatRat: An Educational Open-source Tool for Understanding Malware Dynamics

What is the FatRat? TheFatRat is an exploitation and pentesting tool designed for educational purposes. It has the capability to compile malware with popular payloads, which can then be executed on various platforms including Windows, Linux, Mac, and Android. This makes it a versatile tool for understanding the dynamics of


Looking for a Free Network ARP Scanners? Here is the Top 19 for Linux, Unix, Windows and macOS


How Likely is it You'll Be Hacked?

Do you know how likely it is that you’ll be hacked? Click here to find out.


Experience the Power of Blocky: Your Free Ad-blocker and DNS Proxy Solution

Introduction to Blocky! Blocky is an open-source local network DNS proxy and ad-blocker developed in Go. Its features include the blocking of DNS queries with external lists for ad-blocking and malware protection, as well as the allowance of whitelisting. It allows the definition of allow/denylists per client group, such


Pi.Alert is a Free WIFI / LAN Intruder Detector with Web Service Monitoring

What is Pi.Alert? Pi.Alert is a comprehensive WIFI and LAN intruder detector equipped with web service monitoring for enhanced security and efficiency. This powerful tool conducts regular scans on all the devices that are connected to your WIFI or LAN. It meticulously records the identities of all known


Healthcare Institutions Face Cybersecurity Threats as They Move to Green Tech

Digitalization is ongoing since many decades in a lot of healthcare institutions. The more digitized a healthcare institution is, the more services and quality it can be provided to patients. This, however, means that medical data and transactions which once were offline, are now possibly accessible from anywhere on Earth.


19 Free Self-hosted Anonymous Chat Solutions for Secure private Messaging and Anonymous Chat Groups

Anonymous chat apps are applications that allow users to communicate with others without revealing their identity. They offer users the ability to engage in real-time conversations while maintaining their privacy. Use-cases of Anonymous chat apps These applications are used in various scenarios. For instance, they can be used for online


Massive Cyber Attack: Is Your Data Safe? 85 Million Egyptian Records For Sale!

In a major cybersecurity incident, an alleged database containing personal information of 85 million Egyptian citizens is reportedly up for sale on a hacking forum. The threat actor claims the database includes sensitive data such as National Identification numbers, full names, family information, mother's names, insurance numbers, and


Read more


Articles

Tutorials Development Productivity Marketing

Systems

Cross-platform macOS Windows Linux Android RaspberryPi

Development

Frameworks JavaScript Flutter Next.js Straters

Apps

Docker Self-hosted Terminal Java

Science - Healthcare

Healthcare Medical Records Radiology (DICOM-PACS)


Open-source Apps

9,500+

Medical Apps

500+

Lists

450+

Dev. Resources

900+