Tishna -- Artificial Intelligence Based Web Security Swiss Knife Tool

Tishna is an almost complete automated penetration testing framework for servers and web applications. The tool has 62 options with automated processes that can be very useful in web security. It doesn't come with Kali Linux; we can install it from its GitHub repository.


Tishna is very useful in legal auditing. It serves as a defense method, finding as much information as possible that could be used to gain unauthorized access and intrusion.
Let's check how we can clone and install it on our Kali Linux system.

First, we clone Tishna from its GitHub repository with the following command:

git clone https://github.com/haroonawanofficial/Tishna

After cloning, we go to the 'Tishna' directory with the following command:

cd Tishna

Then we need to give execute permission to the scripts with the chmod command, as follows:

chmod u+x *.sh

Then, to install it on our Kali Linux system, we run the Kali_Installer.sh file with the following command:

./Kali_Installer.sh

This command will take some time, depending on our internet speed and CPU performance. After installing, it will run automatically the first time. If we need to run it again, we just need to type the following in our terminal:

tishna

Then it will open as in the following screenshot:

[Screenshot: Tishna -- Web Security tool]
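
Kali_Installer.sh is a third-party script that the steps above make executable and run, so it is worth listing what it does first. The function below is an added example, not code from the Tishna project or from this post; the rule labels, regular expressions and the sample script are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: list installer lines that deserve a read before execution.
# The rule set below is an assumed starting point, not an exhaustive audit.

# review_installer FILE: prints "label:line_number:text" for each non-comment hit.
# Returns 0 when nothing is flagged, 1 when something is, 2 if FILE is unreadable.
review_installer() {
    file=$1
    found=0
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    while read -r label regex; do
        # grep -n keeps the real line numbers; the second grep drops comment lines
        hits=$(grep -nE "$regex" "$file" | grep -vE '^[0-9]+:[[:space:]]*#') || continue
        found=1
        printf '%s\n' "$hits" | sed "s/^/$label:/"
    done <<'EOF'
pipe-to-shell (curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba)?sh([[:space:]]|$)
runs-as-root (^|[;&|[:space:]])sudo[[:space:]]
package-install (apt|apt-get|pip3?|gem|npm)[[:space:]]+(-[^[:space:]]+[[:space:]]+)*install([[:space:]]|$)
world-writable chmod[[:space:]]+(-R[[:space:]]+)?[0-7]{2,3}[2367]([[:space:]]|$)
system-path-write (cp|mv|ln|tee)[[:space:]].*[[:space:]]/(usr|etc|bin|sbin)/
EOF
    return "$found"
}

# Constructed sample input. It is NOT the content of Tishna's Kali_Installer.sh.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# sudo rm -rf /tmp/old   (comment: must not be flagged)
sudo apt-get install -y python3-pip
curl -s https://example.invalid/setup.sh | sudo bash
chmod 777 /opt/tool
sudo cp tool.sh /usr/local/bin/tool
echo "done"
EOF
}

sample=$(mktemp)
write_sample "$sample"
review_installer "$sample" || echo "flagged lines above: read them before running"
rm -f "$sample"
```

To use it on the real file, call review_installer Kali_Installer.sh from inside the Tishna directory before the chmod step.
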
We get lots of options (62, to be exact) to audit our web security. The options are as follows:
  1. Audit HTTP Method
  2. Extract Response Header
  3. Extract Images
  4. Extract URLs
  5. Identity Form
  6. Find XSS in forms Advanced Attack
  7. Find XSS in forms Simple Attack
  8. Web Server Mount Response Splitting Attack
  9. Header Inject Poison
  10. Cache Poison Defacer
  11. CRLF Response Splitting Attack & Fuzzer
  12. HTTP Response Smuggling Fuzzing
  13. Web Cache Deception Attack Check
  14. HTTP Methods Information
  15. Custom CSRF Injection Request
  16. Load CSRF HTML Templates
  17. Shell Shock
  18. Cross Site Request Forgery Audi Toolkit
  19. Find Available HTTP Methods
  20. Find XSS in Parameters using Screaming Cobra
  21. Find Missing HTTPS Methods
  22. Server Side Request Forgery
  23. Find Available HTTPS Methods
  24. Audit XML RPC Methods, Extract All Information
  25. Cookie Stealer XSS Localhost Server
  26. Command Injections Exploits
  27. Show JSON Endpoint List
  28. Perform Blind, Encoded, Responsive XXE Injection
  29. Perform File Upload Injections
  30. Perform Side Side Template Injection
  31. Perform JSON Web Token Injection
  32. Perform Web Socket Injection
  33. Perform Amazon Bucket Injection 101 AWS Amazon
  34. Extract Cname Records for Hijacking
  35. Insecure Direct Object Reference - BURP
  36. Perform CVS Injection
  37. Perform XPATH Injection
  38. Find SQL, XPATH, ASPX, JAVA, JAVA SCRIPT, PHP Bugs
  39. Find XPATH and SQL Parameter Injection
  40. Show Two-Factor Authentication Payloads
  41. Mutated XSS Payloads
  42. Stored XSS Payloads
  43. Reflected XSS Payloads
  44. WAF Bypass Payloads
  45. Find XSS Using Response Splitting
  46. Extract Links - Advanced
  47. Download Images - EXIF Data
  48. Simple Response Splitting Attack
  49. Double Response Splitting Attack
  50. HTTP Cache Poison Attack
  51. HTTP Cache Injection Attack
  52. HTTP Fuzzer
  53. IP Obfuscating
  54. RFI
  55. LFI
  56. Binary Buffer Overflow Finder
  57. Stored and Reflected XSS Angular JS Payloads
  58. Phantom JS XSS Payload Helper
  59. Angular JS Client Side Automatic XSS Finder
  60. Session Hijacking Burp Method
  61. OAUTH Injections
  62. Bypass Firewall Using DNS History
These are the options we can use in our pentesting jobs on web applications.
Tishna is still in the development stage, so not everything may work perfectly. If anything goes wrong, we can open an issue on its GitHub page so that the developer can fix it.
