TIDoS Framework – Web Penetration Testing Toolkit for Reconnaissance
Reconnaissance is a process to get information in-depth about the target. Keep gathering information until penetration testing phase is a bit difficult.
Here we have a Python script called TIDOS which helps Hackers or Penetration testers. This toolkit will gather information with best modules.
Also, Enterprise user protects your websites and web applications with an enterprise-class web application firewall (WAF), enhanced by advanced bot protection and backdoor shell detection services.
Here I have used Kali Linux as (Attacker Machine)
Installation
- Download the TIDOS Tool Here
- Execute the command: Python setup.py
- Agree with Teams and conditions with Yes.
Execute the Script – Reconnaissance
- It is very easy to run this python script after successful installation.
- Execute the command to run the script: tidos
Pglink
- Execute the command: pglink
- After execution type, the backlinks of the website you want to look up.
Geolocation Lookup
- Execute command: geoip
- After execution type, websites geolocation you want to look up.
Grabbing HTTP Headers
- Execute command: grabhead
- Above figure Illustrates gathered information of web server, version and more.
Must Read Complete Kali Tools tutorials from Information gathering to Forensics
Ping Check
- Execute command: piweb
- Above figure Illustrates gathered information of target is Up or down.
Nmap Port Scan
- Execute command: nmap
- Above figure Illustrates gathered information of targets open ports.
Reverse IP Lookup
- Execute command: revip
- Above figure Illustrates gathered information of targets reverse Ip lookups.
Reverse DNS Lookup
- Execute command: revdns
- Above figure Illustrates gathered information of targets reverse DNS lookups.
Sub-Domain Scan
- Execute command: subdom
- Above figure Illustrates gathered information of targets Subdomains.
Subnet Range
- Execute command: subnet
- Above figure Illustrates gathered information of targets subnet range.
DNS Lookup
- Execute command: dnschk
- Above figure Illustrates gathered information of Targets Domain records.
Google Search
- Execute command: gsearch
- Above figure Illustrates gathered information of target records on Google search engine.
DDOS
- Execute command: fl00d
- Above figure Illustrates target is flooded with ICMP packets & Check the availability of a website.
Before exploiting, Known your targets loopholes in reconnaissance phase. Reconnaissance provides information about vulnerable software version and more.
This post TIDoS Framework – Web Penetration Testing Toolkit for Reconnaissance originally appeared on GB Hackers.
