TIDoS-Framework v1.7 – The Offensive Manual Web Application Penetration Testing Framework

TIDoS Framework is a comprehensive web-app audit framework. let's keep this simple

Highlights :-
The main highlights of this framework is:

  • TIDoS Framework now boasts of a century+ of modules.
  • A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
  • Has 5 main phases, subdivided into 14 sub-phases consisting a total of 104 modules.
  • Reconnaissance Phase has 48 modules of its own (including active and passive recon, information disclosure modules).
  • Scanning & Enumeration Phase has got 15 modules (including port scans, WAF analysis, etc)
  • Vulnerability Analysis Phase has 36 modules (including most common vulnerabilites in action).
  • Exploits Castle has only 1 exploit. (purely developmental)
  • And finally, Auxillaries have got 4 modules. under dev.
  • All four phases each have a Auto-Awesome module which automates every module for you.
  • You just need the domain, and leave everything is to this tool.
  • TIDoS has full verbose out support, so you’ll know whats going on.
  • Fully user friendly interaction environment. (no shits)

Command Injection Linux & Windows (RCE)

  • Path Traversal (Sensitive Paths)
  • Cross-Site Request Forgery Absolute
  • SQL Injection
    • Error Based Injection
      • Cookie Value Based
      • Referer Value Based
      • User-Agent Value Based
      • Auto-gathering IMPROVED
    • Blind Based Injection Crafted Payloads
      • Cookie Value Based
      • Referer Value Based
      • User-Agent Value Based
      • Auto-gathering IMPROVED
  • LDAP Injection Parameter Based
  • HTML Injection Parameter Based
  • Bash Command Injection ShellShock
  • XPATH Injection Parameter Based
  • Cross-Site Scripting IMPROVED
    • Cookie Value Based
    • Referer Value Based
    • User-Agent Value Based
    • Parameter Value Based Manual
  • Unvalidated URL Forwards Open Redirect
  • PHP Code Injection Windows + Linux
  • HTTP Response Splitting CRLF Injection
    • User-Agent Value Based
    • Parameter value Based Manual
  • Sub-domain Takeover 50+ Services
    • Single Sub-domain Manual
    • All Subdomains Automated
  • Other

    • PlainText Protocol Default Credential Bruteforce
      • FTP Protocol Bruteforce
      • SSH Protocol Bruteforce
      • POP 2/3 Protocol Bruteforce
      • SQL Protocol Bruteforce
      • XMPP Protocol Bruteforce
      • SMTP Protocol Bruteforce
      • TELNET Protocol Bruteforce
    • Auxillary Modules
      • Hash Generator MD5, SHA1, SHA256, SHA512
      • String & Payload Encoder 7 Categories
      • Forensic Image Analysis Metadata Extraction
      • Web HoneyPot Probability ShodanLabs HoneyScore
    • Exploitation purely developmental
      • ShellShock

    Other Tools:

    • net_info.py – Displays information about your network. Located under tools/.
    • tidos_updater.py – Updates the framework to the latest release via signature matching. Located under `tools/’.

    TIDoS In Action:


    v1.7 [latest release] [#stable]

    These are some modules which I have thought of adding:

    • Some more of Enumeraton & Information Disclosure modules.
    • Lots more of OSINT & Stuff (let that be a suspense).
    • More of Auxillary Modules.
    • Some Exploits are too being worked on.


    • Working on a full-featured Web UI implementation on Flask and MongoDB and Node.js.
    • Working on a new framework, a real framework. To be released with v2
    • Working on a campaign feature + addition of arguments.
    • Normal Bug Fixing Stuffs. As per the issues being raised
    • Some other perks:
      • Working on a way for contributing new modules easily.
      • A complete new method of multi-threaded fuzzing of parameters.
      • Keeping better of new console stuff.
    Download TIDoS-Framework

    Published by Marshmallow

    Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).