The TIDoS Framework

(To Alessandro Rugolo)
26/10/20

For lovers of KalyLinux, Metasploit is the framework used to perform Penetration Testing...
Recently, something new has come forward: TIDoS.

What is TIDoS?

This is a new one "Offensive Web Application Penetration Testing Framework", made as a project by the CodeSploit Team.

Let's see what it consists of:

The version on GitHub is 1.7, and is declared stable. 
The main programming language is 95,6% python.
A total of 108 modules.

The framework is structured around five phases:
reconnaissance phase: of which 50 modules are part;
Scanning & Enumeration Phase, with 16 modules;
Vulnerability Analysis, with 37 modules;
Exploit Castle, with only one module;
Auxiliaries, with 4 modules.

The first phase, recognition, generally consists of planning activities and gathering information about the target and potential vulnerabilities. 
Of course I remind everyone that the business of penetration testing it is an activity that must be conducted in certain circumstances and with the necessary permissions, it is not about conducting an attack against a target but to identify the vulnerabilities of a possible target to help reduce or eliminate them.

Among the many modules of the first phase (which you can find here) are:
- Nping Enumeration;
- WhoIS Lookup, for the collection of information on the domain of interest;
- GeoIP Lookup, to identify the physical position of a target;
- DNS Configuration Lookup, which downloads the DNS configuration.

The form is interesting Wayback Machine Lookup, which is used to find backup of websites, for example to verify or find information that has been modified or deleted over time.
Theoretically, the steps should be performed in sequence.
At each stage there is a module that allows you to automate activities.

Il framework it is still in development and the author admits that there may be some malfunctions he is working on.
One thing is certain, the images of the screens available take us back a few years, which is pleasant in some ways ... we await the developments!

To learn more:
https://www.metasploit.com/
https://github.com/0xInfection/TIDoS-Framework
https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html
https://www.facebook.com/0xInfection/?ref=page_internal
https://www.imperva.com/learn/application-security/penetration-testing/#...
https://www.elastic.co/guide/en/siem/guide/current/nping-process-activit...
https://nmap.org/nping/
http://web.archive.org/
https://www.blackhatethicalhacking.com/tools/the-tidos-framework/

Events

Click on the days highlighted in red and find out what's in evidence.
Tales of military life
Send us your story
Tribute (due) to the 80th "Roma" infantry who takes leave with honor

Well, yes, we are now used to witnessing the closure of the barracks and perhaps even a little to burying the long history of the departments, a phenomenon which however does not erase the memories. It also touched...

Read the story
"Il Signor Parolini" (ninth part)

The baked chicken, as expected, had lived up to its reputation, consolidating, where needed, the undisputed culinary mastery of Gastone, chief ...

Read the story