Facebook Account Hacking -- The Best 9 Methods

Tishna is almost complete automated penetration testing framework for servers, web-application. This tool have 62 options with automated process that can be very useful in Web security. It doesn't comes with Kali Linux we can install it from it's GitHub repository.

Tishna is very useful in legal auditing. It serves as a defense method to find as much as information possible for gaining unauthorized access and intrusion.
Let's check how we can clone and install it on our Kali Linux system.

First we clone Tishna from it's GitHub repository by applying following command:

git clone https://github.com/haroonawanofficial/Tishna

After cloning we go to the 'Tishna' directory by using following command:

cd Tishna

Then we need to give permissions by using chmod command as shown following:

chmod u+x *.sh

Then to install in our Kali Linux we run the Kali_Installer.sh file by applying following command:

./Kali_Installer.sh

This command will take some time depending our internet speed and CPU performance. After installing it will run automatically for first time. If we need to run it again then we just need to type in our terminal :

tishna

Then it will open like following screenshot:

Tishna -- Web Security tool

We got lots of options (To be extract 62) to audit our web security. The options are following:

1. Audit HTTP Method
2. Extract Response Header
3. Extract Images
4. Extract URLs
5. Identity Form
6. Find XSS in forms Advanced Attack
7. Find XSS in forms Simple Attack
8. Web Server Mount Response Splitting Attack
9. Header Inject Poison
10. Cache Poison Defacer
11. CRLF Response Splitting Attack & Fuzzer
12. HTTP Response Smuggling Fuzzing
13. Web Cache Deception Attack Check
14. HTTP Methods Information
15. Custom CSRF Injection Request
16. Load CSRF HTML Templates
17. Shell Shock
18. Cross Site Request Forgery Audi Toolkit
19. Find Available HTTP Methods
20. Find XSS in Parameters using Screaming Cobra
21. Find Missing HTTPS Methods
22. Server Side Request Forgery
23. Find Available HTTPS Methods
24. Audit XML RPC Methods, Extract All Information
25. Cookie Stealer XSS Localhost Server
26. Command Injections Exploits
27. Show JSON Endpoint List
28. Perform Blind, Encoded, Responsive XXE Injection
29. Perform File Upload Injections
30. Perform Side Side Template Injection
31. Perform JSON Web Token Injection
32. Perform Web Socket Injection
33. Perform Amazon Bucket Injection 101 AWS Amazon
34. Extract Cname Records for Hijacking
35. Insecure Direct Object Reference - BURP
36. Perform CVS Injection
37. Perform XPATH Injection
38. Find SQL, XPATH, ASPX, JAVA, JAVA SCRIPT, PHP Bugs
39. Find XPATH and SQL Parameter Injection
40. Show Two-Factor Authentication Payloads
41. Mutated XSS Payloads
42. Stored XSS Payloads
43. Reflected XSS Payloads
44. WAF Bypass Payloads
45. Find XSS Using Response Splitting
46. Extract Links - Advanced
47. Download Images - EXIF Data
48. Simple Response Splitting Attack
49. Double Response Splitting Attack
50. HTTP Cache Poison Attack
51. HTTP Cache Injection Attack
52. HTTP Fuzzer
53. IP Obfuscating
54. RFI
55. LFI
56. Binary Buffer Overflow Finder
57. Stored and Reflected XSS Angular JS Payloads
58. Phantom JS XSS Payload Helper
59. Angular JS Client Side Automatic XSS Finder
60. Session Hijacking Burp Method
61. OAUTH Injections
62. Bypass Firewall Using DNS History

These are those options we can use in our pentesting jobs on web applications.
Tishna is in development stage. May not everything work perfectly. If any thing goes wrong we can open an issue in it's Github page that the developer can fix it.

So here the stage comes when we begging for following us on Blogger, Twitter and share our post on the social media (except Facebook they banned our URLs , May be because of this Facebook Account Hacking post).