The Offensive Manual Web Application Penetration Testing Framework.


TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.

To get started, set your own API keys for the OSINT, scanning and enumeration modules: open API_KEYS.py in the files/ directory and fill in your keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.

Finally, once the framework opens up, enter the website name (e.g. http://www.example.com) and let TIDoS lead you. That's it! It's as easy as that.

Follow the phases of the tool in order (run it schematically):

Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis

Reconnaissance + OSINT

- Nping Enumeration (via external API)
- WhoIS Lookup (domain info gathering)
- GeoIP Lookup (pinpoint physical location)
- DNS Configuration Lookup (DNSDump)
- Subdomains Lookup (indexed ones)
- Reverse DNS Lookup (host instances)
- Reverse IP Lookup (hosts on the same server)
- Subnets Enumeration (class based)
- Domain IP History (IP instances)
- Web Links Gatherer (indexed ones)
- Google Search (manual search)
- Google Dorking (multiple modules, automated)
- Email to Domain Resolver (email WhoIs)
- Wayback Machine Lookups (find backups)
- Breached Email Check (pwned email accounts)
- Enumeration via Google Groups (emails only)
- Check Alias Availability (social networks)
- Find PasteBin Posts (domain based)
- LinkedIn Gathering (employees & company)
- Google Plus Gathering (domain profiles)
- Public Contact Info Scraping (FULL CONTACT)
- Censys Intel Gathering (domain based)
- Threat Intelligence Gathering (bad IPs)
- Ping Enumeration (advanced)
- CMS Detection (185+ CMSs supported) IMPROVED
- Advanced Traceroute IMPROVED
- robots.txt and sitemap.xml Checker
- Grab HTTP Headers (live capture)
- Find HTTP Methods Allowed (via OPTIONS)
- Detect Server Type IMPROVED
- Examine SSL Certificate (absolute)
- Apache Status Disclosure Checks (file based)
- WebDAV HTTP Enumeration (PROPFIND & SEARCH)
- PHPInfo File Enumeration (via bruteforce)
- Comments Scraper (regex based)
- Find Shared DNS Hosts (name server based)
- Alternate Sites Discovery (User-Agent based)
- Discover Interesting Files (via bruteforce)

Scanning & Enumeration

- Remote Server WAF Enumeration (generic, 54 WAFs)
- Port Scanning (ingenious modules)
  - Simple Port Scanner (via socket connections)
  - TCP SYN Scan (highly reliable)
  - TCP Connect Scan (highly reliable)
  - XMAS Flag Scan (reliable only in LANs)
  - FIN Flag Scan (reliable only in LANs)
  - Port Service Detector

And much more…

Web-Bugs & Server Misconfigurations

- Insecure CORS (absolute)
- Same-Site Scripting (sub-domain based)
- Zone Transfer (DNS server based)
- Clickjacking
  - Frame-Busting Checks
  - X-FRAME-OPTIONS Header Checks
- Security on Cookies
  - HTTPOnly Flag
  - Secure Flag on Cookies
- Cloudflare Misconfiguration Check
- DNS Misconfiguration Checks
- Online Database Lookup for Breaches
- HTTP Strict Transport Security Usage
  - HTTPS Enabled but no HSTS
- Domain Based Email Spoofing
  - Missing SPF Records
  - Missing DMARC Records
- Host Header Injection
  - Port Based
  - Web Socket Based
- X-Forwarded-For Header Injection
- Security Headers Analysis (live capture)
- Cross-Site Tracing (HTTP TRACE method)
- Session Fixation via Cookie Injection
- Network Security Misconfiguration
  - Checks for TELNET Enabled via Port 23
- File Inclusions
  - Local File Inclusion (LFI), parameter based
  - Remote File Inclusion (RFI) IMPROVED
    - Parameter Based
    - Pre-loaded Path Based
- OS Command Injection, Linux & Windows (RCE)
- Path Traversal (sensitive paths)
- Cross-Site Request Forgery (absolute)
- SQL Injection
  - Error Based Injection
    - Cookie Value Based
    - Referer Value Based
    - User-Agent Value Based
    - Auto-gathering IMPROVED
  - Blind Based Injection (crafted payloads)
    - Cookie Value Based
    - Referer Value Based
    - User-Agent Value Based
    - Auto-gathering IMPROVED
- LDAP Injection (parameter based)
- HTML Injection (parameter based)
- Bash Command Injection (ShellShock)
- Apache Struts Shock (Apache RCE)
- XPATH Injection (parameter based)
- Cross-Site Scripting
- Subdomain Takeover


And this tool can do much more.

Installation : https://www.youtube.com/watch?v=5a_GFWeovYI
