Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)
IMPORTANT:
Vaile Framework has been merged into the original TIDoS Framework. You can find the latest progress here: https://github.com/0xInfection/TIDoS-Framework. This repository is discontinued.
Pentest framework based on TIDoS.
IMPORTANT:
The new Qt5 interface is complete, but has additional dependencies. Take a look at the updated installation instructions.
Here is some insight into what the framework is all about:
(purely developmental)
more under development
Auto-Awesome module which automates every module for you.
The main differences between Vaile and TIDoS are:
To install the framework globally in /opt, run the provided core/install.py script as root. After this, you can launch Vaile simply by typing Vaile on the command line.
git clone https://github.com/vainlystrain/vaile.git
cd vaile
Vaile needs some libraries to run, which can be installed via the aptitude or dnf package managers.
sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python3-pip libmariadbclient18 libmysqlclient-dev tor konsole
Once these dependencies have finished installing, install the remaining Python package dependencies by running:
pip3 install -r requirements.txt
That's it. You now have Vaile at your service. Fire it up using:
python3 Vaile #Qt5 interface
sudo python3 vsconsole.py #console interface
To get the current version of Vaile, move into the installation folder and run (sudo) git pull (sudo is needed if installed by install.py). Alternatively, you can run the fetch command in vsconsole.
To get started, you need to set your own API keys for various OSINT, scanning and enumeration purposes. To do so, open API_KEYS.py under the files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS.
GOOD NEWS:
The latest release of Vaile includes all API KEYS and ACCESS TOKENS for SHODAN, CENSYS, FULL CONTACT, WHATCMS by default. I found these tokens on various repositories on GitHub itself. You can now use all the modules which use the API KEYS. :)
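Key files like files/API_KEYS.py are what gets harvested from public repositories, so a filled-in copy should not be committed. The check below is an added example, not part of Vaile; the variable names in the sample and the keyword list are assumptions, since this page does not show the file's contents.

```python
import ast
import sys

# Keyword match on variable names: the real names used in Vaile's
# files/API_KEYS.py are not shown on this page, so these are assumptions.
SECRET_HINTS = ("KEY", "TOKEN", "SECRET")
PLACEHOLDERS = {"", "changeme", "your_key_here"}

# Constructed sample of a key file; every value is fake.
SAMPLE = '''\
SHODAN_API_KEY = "EXAMPLE-not-a-real-key-0000"
CENSYS_UID = ""
CENSYS_SECRET = os.environ.get("CENSYS_SECRET", "")
FULLCONTACT_API_KEY = "your_key_here"
WHATCMS_ACCESS_TOKEN = "EXAMPLE-constructed-token"
DEBUG = "yes"
'''

def find_hardcoded_keys(source):
    """Return (name, line) for module-level credentials set to a literal."""
    findings = []
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        # Only literal strings count; os.environ lookups are calls and pass.
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        if value.value.strip().lower() in PLACEHOLDERS:
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and any(
                hint in target.id.upper() for hint in SECRET_HINTS
            ):
                findings.append((target.id, node.lineno))
    return findings

if __name__ == "__main__":
    # Pre-commit style use: pass the key file path, exit 1 on any finding.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = find_hardcoded_keys(text)
    for name, line in hits:
        print(f"line {line}: {name} holds a literal credential")
    sys.exit(1 if hits else 0)
```

Run against the key file before each commit, a non-zero exit means a literal credential is about to be published; values read from the environment pass the check.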
Available commands:

Command      Description                                   Needs
attack       Attack specified target(s).                   M, !
clear        Clear terminal.
creds        Handle target credentials.                    V
fetch        Check for and install updates.
find         Search a module.
help         Show help message.
info         Show description of current module.           M
intro        Display Intro.
leave        Leave module.                                 M
list         List all modules of a category.
load         Load module.
netinfo      Show network information.
opts         Show options of current module.               M
phpsploit    Load the phpsploit framework (needs to be downloaded externally).
processes    Set number of processes in parallelism.
q            Terminate Vaile session.
sessions     Interact with cached sessions.
set          Set option value of module.                   M
tor          Pipe Attacks through the Tor Network.
vicadd       Add Target to list.
vicdel       Delete Target from list.
viclist      List all targets.

M: needs loaded module
V: needs loaded target(s)
!: potentially needs loaded target(s)
Vaile Attack presently supports the following (more modules are under active development):
Reconnaissance + OSINT
Passive Reconnaissance:
Via external API
Domain info gathering
Pinpoint physical location
DNSDump
Indexed ones
Host Instances
Hosts on same server
Class Based
IP Instances
Indexed ones
Manual search
Automated
Email WhoIs
Find Backups
Pwned Email Accounts
Emails Only
Social Networks
Domain Based
Employees & Company
Domain Profiles
FULL CONTACT
Domain Based
Bad IPs
Active Reconnaissance:
Advanced
(185+ CMSs supported)
IMPROVED
IMPROVED
robots.txt and sitemap.xml Checker
Live Capture
via OPTIONS
IMPROVED
Absolute
File Based
PROPFIND & SEARCH
via Bruteforce
Regex Based
Name Server Based
User-Agent Based
via Bruteforce
shells, etc.
.bak, .db, etc.
.pgp, .skr, etc.
.pac, etc.
index, index1, etc.
.htaccess, .apache, etc
.log, .changelog, etc
Information Disclosure:
If Plaintext
IMPROVED
Includes Full Path Disclosure
Signature Based
Signature Based
US Ones
Scanning & Enumeration
Generic
54 WAFs
Ingenious Modules
via Socket Connections
Highly reliable
Highly Reliable
Reliable Only in LANs
Reliable Only in LANs
Absolute
Absolute
IMPROVED
via Open Ports
16 preloaded modules
Using CENSYS Database
Indexed Uri Crawler
Single Page Crawler
Web Link Crawler
NEW
Vulnerability Analysis
Web-Bugs & Server Misconfigurations
Absolute
Sub-domain based
DNS Server based
X-FRAME-OPTIONS Header Checks
HTTPOnly Flag
Secure Flag on Cookies
For Breaches
SPF Records
DMARC Records
Web Socket Based
X-Forwarded-For Header Injection
Live Capture
HTTP TRACE Method
via Cookie Injection
TELNET Enabled via Port 23
Serious Web Vulnerabilities
Param based
IMPROVED
Linux & Windows (RCE)
ENHANCED
Absolute
IMPROVED
Crafted Payloads
IMPROVED
Parameter Based
Parameter Based
ShellShock
Apache RCE
Parameter Based
IMPROVED
Manual
Open Redirect
Windows + Linux RCE
HTTP Response Splitting
Manual
50+ Services
Manual
Automated
Other
PlainText Protocol Default Credential Bruteforce
BROKEN:DEP
Auxiliary Modules
MD5, SHA1, SHA256, SHA512
7 Categories
Metadata Extraction
ShodanLabs HoneyScore
Exploitation (purely developmental)
net_info.py - Displays information about your network. Accessible from the 'netinfo' command.
Let's see some screenshots of Vaile in action:
v2.2.5-10 [latest release] [#stable]
Vaile is provided as an offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilities in web applications which could possibly be exploited maliciously.
THEREFORE, NEITHER THE AUTHOR NOR THE CONTRIBUTORS ARE RESPONSIBLE FOR ANY MISUSE OR DAMAGE DUE TO THIS TOOLKIT.