The TIDoS Framework
Here is some light on what the framework is all about:
- [x] A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
- [x] Has 5 main phases, subdivided into 14 sub-phases consisting a total of 108 modules.
- [x] Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
- [x] Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc)
- [x] Vulnerability Analysis Phase has 37 modules (including most common vulnerabilites in action).
- [x] Exploits Castle has only 1 exploit. (purely developmental)
- [x] And finally, Auxillaries have got 4 modules. more under development
- [x] All four phases each have a Auto-Awesome module which automates every module for you.
- [x] You just need the domain, and leave everything is to this tool.
- [x] TIDoS has full verbose out support, so you'll know whats going on.
- [x] Fully user friendly interaction environment. (no shits)

NOTE:
Presently, for installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway.
git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework
chmod +x install
./install

Thats it! Now you are good to go! Now lets run the tool:
tidos
TIDoS needs some libraries to run, which can be installed via aptitude or yum Package Managers.
sudo apt-get install libncurses5 libxml2 nmap tcpdump scons libexiv2-dev python-pyexiv2 build-essential python-pip default-libmysqlclient-dev python-xmpp
Now after these dependencies are finished installing, we need to install the remaining Python Package dependencies, hence run:
pip2 install -r requirements.txt
Thats it, You now have TIDoS at your service. Fire it up using:
python2 tidos.py
TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules.
So to get started, you need to set your own API KEYS for various OSINT & Scanning and Enumeration purposes. To do so, open up API_KEYS.py under files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.
GOOD NEWS:
The latest release of TIDoS includes all API KEYS and ACCESS TOKENS for
SHODAN,CENSYS,FULL CONTACT,WHATCMSby default. I found these tokens on various repositories on GitHub itself. You can now use all the modules which use the API KEYS. :)
Finally, as the framework opens up, enter the website name eg. http://www.example.com and let TIDoS lead you. Thats it! Its as easy as that.
Recommended: - Follow the order of the tool (Run in a schematic way).
Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis
To update this tool, use tidos_updater.py module under tools/ folder.
TIDoS Framework presently supports the following: and more modules are under active development
Reconnaissance + OSINT
Passive Reconnaissance:
Via external APiDomain info gatheringPinpoint physical locationDNSDumpIndexed onesHost InstancesHosts on same serverClass BasedIP InstancesIndexed onesManual searchAutomatedEmail WhoIsFind BackupsPwned Email AccountsEmails OnlySocial NetworksDomain BasedEmployees & CompanyDomain ProfilesFULL CONTACTDomain BasedBad IPsActive Reconnaissance
Advanced(185+ CMSs supported) IMPROVEDIMPROVEDrobots.txt and sitemap.xml CheckerLive Capturevia OPTIONSIMPROVEDAbsoluteFile BasedPROFIND & SEARCHvia BruteforceRegex BasedName Server BasedUser-Agent Basedvia Bruteforceshells, etc..bak, .db, etc..pgp, .skr, etc..pac, etc.index, index1, etc..htaccess, .apache, etc.log, .changelog, etcInformation Disclosure
If PlaintextIMPROVEDIncludes Full Path DisclosureSignature BasedSignature BasedUS OnesScanning & Enumeration
Generic 54 WAFsIngenious Modulesvia Socket ConnectionsHighly reliableHighly ReliableReliable Only in LANsReliable Only in LANsAbsoluteAbsoluteIMPROVEDvia Open Ports16 preloaded modulesUsing CENSYS DatabaseIndexed Uri CrawlerSingle Page CrawlerWeb Link CrawlerVulnerability Analysis
Web-Bugs & Server Misconfigurations
AbsoluteSub-domain basedDNS Server basedX-FRAME-OPTIONS Header ChecksHTTPOnly FlagSecure Flag on CookiesFor BreachesSPF RecordsDMARC RecordsWeb Socket BasedX-Forwarded-For Header InjectionLive CaptureHTTP TRACE Methodvia Cookie InjectionTELNET Enabled via Port 23Serious Web Vulnerabilities
Param basedIMPROVEDLinux & Windows (RCE)(Sensitive Paths)AbsoluteIMPROVEDCrafted PayloadsIMPROVEDParameter BasedParameter BasedShellShockApache RCEParameter BasedIMPROVEDManualOpen RedirectWindows + Linux RCEHTTP Response SplittingManual50+ ServicesManualAutomatedOther
PlainText Protocol Default Credential Bruteforce
Auxillary Modules
MD5, SHA1, SHA256, SHA5127 CategoriesMetadata ExtractionShodanLabs HoneyScore Exploitation purely developmental
net_info.py - Displays information about your network. Located under tools/.tidos_updater.py - Updates the framework to the latest release via signature matching. Located under tools/.Lets see some screenshots of TIDoS in real world pentesting action:


v1.7 [latest release] [#stable]
These are some modules which I have thought of adding: - Some more of Enumeraton & Information Disclosure modules. - Lots more of OSINT & Stuff (let that be a suspense). - More of Auxillary Modules. - Some Exploits are too being worked on.
To be released with v2As per the issues being raisedTIDoS is provided as a offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilties in web applications which could possibly be exploited maliciously.
THEREFORE, THE AUTHOR AND NEITHER THE CONTRIBUTORS ARE NOT EXCLUSIVELY RESPONSIBLE FOR ANY MISUSE OR DAMAGE DUE TO THIS TOOLKIT.
This project is a very fresh and new project which just simply springed off my mind, and is presently under active development so you may want to put it on a watch, since it is updated frequently.
TIDoS is an in progress work far from perfection and I admit that there may be bugs out there which may cause many modules not to work properly and just bug out. However, being the only single author and maintainer behind this framework, it is my humble request to all users of this framework to hand me the list of modules via raising a new issue which simply do not work and bug out, and I would be more than happy to fix them as we jointly make our journey to realising TIDoS as the greatest web penetration testing framework ever
$ claude mcp add TIDoS-Framework \
-- python -m otcore.mcp_server <graph>