Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.
TireFire is an enumeration platform powered by HackTricks!
Where other enumeration tools are fire and forget (sometimes running hundreds of scans without your control), TireFire is semi-automatic, meaning that you initiate every scan. Scan control is a valuable trait because you
git clone https://github.com/CoolHandSquid/TireFire.git
cd TireFire
./Build.sh
#cd /dir/you/want/to/enumerate/from
TireFire x.x.x.x -i tmux #Chose "tmux" or "tilix" as your interface.
What makes TireFire so powerful is the People! You can help contribute by sending a PR to book.hacktricks.xyz (into an existing HackTricks Automatic Commands YAML code block or create your own), or shooting an email to [email protected]. Simply follow this template when creating your own. Notice that
## HackTircks Automatic Commands
```text
Protocol_Name: DNS #Protocol Abbreviation if there is one.
Port_Number: 53 #Comma separated if there is more than one.
Protocol_Description: Domain Name Service #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for DNS
Note: |
#These are the commands I run every time I see an open DNS port
dnsrecon -r 127.0.0.0/24 -n {IP} -d {Domain_Name}
dnsrecon -r 127.0.1.0/24 -n {IP} -d {Domain_Name}
dnsrecon -r {Network}{CIDR} -n {IP} -d {Domain_Name}
dig axfr @{IP}
dig axfr {Domain_Name} @{IP}
nslookup
SERVER {IP}
127.0.0.1
{IP}
Domain_Name
exit
https://book.hacktricks.xyz/pentesting/pentesting-dns
Entry_2:
Name: Banner Grab
Description: Grab DNS Banner
Command: dig version.bind CHAOS TXT @DNS
&&&&
&&&& Anywhere in the command will split the line and start each command individually in separate tabs.
Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open.
?
"?" is for sending a question to the user. The response will be set to a numbered variable.
You can send multiple lines of questions for numerous variables.
Example:
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
?What is a known password you would like to brute force?
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e
{}
{} is for grabbing a variable from TireFire.
Available variables are:
IP
Network
CIDR
Domain_Name
Naming_Context
Web_Proto
Web_Port
Username
Password
Big_Passwordlist
Small_Passwordlist
Big_Dirlist
Small_Dirlist
Tool_Dir
The current variable values can be viewed in the variables table.
Please contact me at [email protected] for contributions, suggestions, and ideas!