Tishna is an almost complete automated penetration testing framework for servers and web applications. This tool has 62 options with automated processes that can be very useful in web security. It doesn't come with Kali Linux; we can install it from its GitHub repository.
Tishna is very useful in legal auditing. It serves as a defensive method for finding as much information as possible that could be used for gaining unauthorized access and intrusion.
Let's check how we can clone and install it on our Kali Linux system.
First we clone Tishna from its GitHub repository by applying the following command:
After cloning, we go to the 'Tishna' directory by using the following command:
Then we need to give permissions by using the chmod command as follows:
Then, to install it on our Kali Linux, we run the Kali_Installer.sh file by applying the following command:
This command will take some time, depending on our internet speed and CPU performance. After installing, it will run automatically for the first time. If we need to run it again, we just need to type in our terminal:
Then it will open as in the following screenshot:
We get lots of options (to be exact, 62) to audit our web security. The options are the following:
These are the options we can use in our pentesting jobs on web applications.
Tishna -- Web Security tool
- Audit HTTP Method
- Extract Response Header
- Extract Images
- Extract URLs
- Identity Form
- Find XSS in forms Advanced Attack
- Find XSS in forms Simple Attack
- Web Server Mount Response Splitting Attack
- Header Inject Poison
- Cache Poison Defacer
- CRLF Response Splitting Attack & Fuzzer
- HTTP Response Smuggling Fuzzing
- Web Cache Deception Attack Check
- HTTP Methods Information
- Custom CSRF Injection Request
- Load CSRF HTML Templates
- Shell Shock
- Cross Site Request Forgery Audi Toolkit
- Find Available HTTP Methods
- Find XSS in Parameters using Screaming Cobra
- Find Missing HTTPS Methods
- Server Side Request Forgery
- Find Available HTTPS Methods
- Audit XML RPC Methods, Extract All Information
- Cookie Stealer XSS Localhost Server
- Command Injections Exploits
- Show JSON Endpoint List
- Perform Blind, Encoded, Responsive XXE Injection
- Perform File Upload Injections
- Perform Side Side Template Injection
- Perform JSON Web Token Injection
- Perform Web Socket Injection
- Perform Amazon Bucket Injection 101 AWS Amazon
- Extract Cname Records for Hijacking
- Insecure Direct Object Reference - BURP
- Perform CVS Injection
- Perform XPATH Injection
- Find SQL, XPATH, ASPX, JAVA, JAVA SCRIPT, PHP Bugs
- Find XPATH and SQL Parameter Injection
- Show Two-Factor Authentication Payloads
- Mutated XSS Payloads
- Stored XSS Payloads
- Reflected XSS Payloads
- WAF Bypass Payloads
- Find XSS Using Response Splitting
- Extract Links - Advanced
- Download Images - EXIF Data
- Simple Response Splitting Attack
- Double Response Splitting Attack
- HTTP Cache Poison Attack
- HTTP Cache Injection Attack
- HTTP Fuzzer
- IP Obfuscating
- RFI
- LFI
- Binary Buffer Overflow Finder
- Stored and Reflected XSS Angular JS Payloads
- Phantom JS XSS Payload Helper
- Angular JS Client Side Automatic XSS Finder
- Session Hijacking Burp Method
- OAUTH Injections
- Bypass Firewall Using DNS History
Tishna is in the development stage, so not everything may work perfectly. If anything goes wrong, we can open an issue on its GitHub page so that the developer can fix it.
So here comes the stage where we beg you to follow us on Blogger and Twitter and to share our post on social media (except Facebook; they banned our URLs, maybe because of this Facebook Account Hacking post).