Probe Sites for Vulnerabilities with TIDoS, the Offensive Web App Pen-Testing Framework [Tutorial]

April 18, 2019 by 49 Comments

How to Scan Web Apps for Vulnerabilities Using TIDoS
Full Tutorial:
Subscribe to Null Byte:
Kody’s Twitter:

Penetration testing encompasses more than the network tests we’ve covered in previous episodes. It also includes web applications and any vulnerabilities they may have. Today, on this episode of Cyber Weapons Lab, we’ll show you how to scan websites for potential vulnerabilities using the TIDoS framework.

TIDoS is a process-oriented framework that neatly organizes the best tools for each category laid out in the order it should be used, leading users naturally through the steps of discovering and exploiting vulnerabilities.

Follow Null Byte on:
Weekly newsletter:


49 Replies to “Probe Sites for Vulnerabilities with TIDoS, the Offensive Web App Pen-Testing Framework [Tutorial]”

  1. عمل رائع احسنت واصل يا بطل

  2. bill dosk says:

    Thank you for teaching us,cuz i want to be cyber security when i grew up.btw is there any program to defend gadgets from being hacked,monitored,or planted virus on? Please Response

  3. Z O says:

    Happy to se you came out of the Matrix again Kodi haha great vid!

  4. Mael Bonniot says:

    A little bit sk but very useful and interactive, thanks 🙂

  5. Aye nice vid! Maybe you could show off some tools that aren't too popular but good / useful?

  6. I Subscribed You Qnd Will Stay With Until Your Conclusion Are Correct By The Way Nice Video😋😋😋😋

  7. jake palmer says:

    i got a but load of errors these things never work for me

  8. jake palmer says:

    i keep getting this Traceback (most recent call last):

    File "/opt/tidos/", line 14, in <module>

    from core.tidos_main import *

    File "/opt/tidos/core/", line 36, in <module>

    from core.Enumeration.scanenum import *

    File "/opt/tidos/core/Enumeration/", line 24, in <module>

    from ssltlsscan import *

    File "modules/0x02-Scanning+Enumeration/", line 15, in <module>

    import sslyze

    ImportError: No module named sslyze

  9. jake palmer says:

    i got it to work a few hours back now

  10. Jareth Kelly says:

    Love how you shit on priceline alot 😂 keep up the awesome videos!

  11. please… blink.. you robot

  12. that is a really cute installation

  13. Tsuki CTF says:

    Looks cool, awesome

  14. RxXX XRX says:

    Man, can you please make more videos about web vulnerabilities and how to find them?

  15. David Shook says:

    blink, you're making my eyes burn.

  16. Chowa C says:

    installation works smoothly on linux as stated on the github repository

  17. Poly says:

    Holy moly they really went all out with that ascii art XD

  18. SA601154 says:

    Honestly, this guy is the No-Blink Master

  19. Im getting raspberry pi 4 soon for this stuff but i have unrooted android phone and i tried some of null bytes tutorials out and it hiccuped and like half of then work and only crappy ones worked i did try installing kali (x86 and ARM) arm in userland and x86 in ibochs and none of them worked so i guess ill be using my raspberrry pi 4

  20. Can you export your gathered info into a spreed sheet?

  21. AM M says:

    Great video.

    What is your experience regarding priceline?

  22. James AS says:

    Mmmhhh no, Jok3r is far better….

  23. Peace and blessings to you brother

  24. HK says:

    putting so many stickers on the back of one's laptop can be seen as a prelude to a network attack

  25. i fucking love this guy.

  26. Derek M says:

    Kody you should register with Brave so you can collect BAT tips 😉

  27. Cyber Maniac says:

    I was able to get it on Kali is it possible to get it install on Mac!

  28. Ray Guzman says:

    3:51 – If you hit ctrl+A the cursor will move to the beginning of the line so you don't have to hold down the left arrow for a few seconds. There are quite a few shortcuts you can use to make your terminal experience a lot better and faster. By the way, thank you for all the videos. They are awesome!

  29. jj Ej says:

    Great video. Thanks. Is there any tool or process one can follow for websites that hosted by Namecheap where owners identity/info is masked by whoisguard. Scammers keep their real identity masked and utilize fake email and contact details. Any help is appreciated.

  30. Lfomod says:

    sudo apt install libmariadbclient18 , pip install ptyprocess <– for the lazy ones, you're welcome haha

  31. Lfomod says:

    "Command "python egg_info" failed with error code 1 in /tmp/pip-install-UHdVni/MYSQL-python/" <– I get this in Kali when trying to run the framework. So I ran this "sudo pip3 install MySQL client" since that client didn't exist for pip2. What an headache this became hahaha

    fixed it with 'python -m pip install –upgrade pip setuptools wheel'

    and then I ran 'pip install -r requirements.txt'

  32. e d says:

    I'll send you $100 in bitcoin to mail me that sweatshirt <3

  33. the young dirk nowitzki

  34. Agha Seyed says:

    the repo has many bugs, try not to recommend sth like this …

  35. Raj says:

    You are master everything. How could you do this.?

  36. Looks like Metasploit meets Tradewars 2002 😉

  37. Omar Comin says:

    TIDoS….. vodka.

  38. Amit Deswal says:

    Anyone help…after typing chmod +x install and ./install getting error " run this script as Root"
    ..also getting error while installing pip and python

  39. Missing modules 'urllib3' and 'sslyze'. Not able to install these packages too. Please help me someone!!

  40. Is this only for ubuntu

  41. Devang Singh says:

    8:18 we gotta pick someone who really deserve it…😂😂

  42. nobeltnium says:

    When he says a wrong button can get you in trouble, i know that's a good frame work

  43. Amel Spahić says:

    8:50 "without being discovered" and puts the video on YouTube xD

  44. no trying to hate but this guy is the biggest script kiddie ever.

  45. Tidoc is no more working there are error on the installation procedure

  46. Jason Rucco says:

    I see you gave up trying to install this on Kali. I almost did too. Heres how to get it running on Kail:
    1. install docker on kali:
    2. install Tidos via docker: follow instructions for docker image:

    3. Enjoy!

  47. Jjj Ww says:

    If you get an Error for xmpp — do this: # pip install xmpppy – yes that is 3 ppp's. It will work on Kali 2017. I'm about to do the same thing on KALI 2020 and see if this installation works there as well…