Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data.
User Requirements
User Installation
Install
$ mkdir tachyon
$ python3 -m venv tachyon/
$ cd tachyon
$ source bin/activate
$ pip install tachyon3
$ tachyon -h
Upgrading
$ cd tachyon
$ source bin/activate
$ pip install –ignore-installed –upgrade tachyon3
Usage
$ cd tachyon
$ source bin/activate
$ tachyon -h
Also Read – Aura Botnet : A Super Portable Botnet Framework With A Django-Based C2 Server
Developers Installation
$ git clone https://github.com/delvelabs/tachyon.git
$ mkdir tachyon
$ python3 -m venv tachyon/
$ source tachyon/bin/activate
$ cd tachyon
$ pip install -r requirements-dev.txt
Getting started
Note: if you have the source code version, replace tachyon with python3 -m tachyon in the examples below.
$ cd tachyon
$ source bin/activate
To run a discovery with the default settings:
tachyon http://example.com/
To run a discovery over a proxy:
tachyon -p http://127.0.0.1:8080 http://example.com/
To search for files only:
tachyon -f http://example.com/
To search for directories only:
tachyon -s http://example.com/
To output results to JSON format:
tachyon -j http://example.com/
Command Line Options
Usage: main.py [OPTIONS] TARGET_HOST
Options:
-a, –allow-download
-c, –cookie-file TEXT
-l, –depth-limit INTEGER
-s, –directories-only
-f, –files-only
-j, –json-output
-m, –max-retry-count INTEGER
-z, –plugins-only
-x, –plugin-settings TEXT
-p, –proxy TEXT
-r, –recursive
-u, –user-agent TEXT
-v, –vhost TEXT
-C, –confirmation-factor INTEGER
–har-output-dir TEXT
-h, –help Show this message and exit.
Format for the cookies file
cookie0=value0;
cookie1=value1;
cookie2=value2;
Plugins
Existing plugins:
Plugins settings
Settings can be pass to the plugins via the -x option. Each option is a key/value pair, with a colon joining the key and its value. Use a new -x for each setting.
tachyon -x setting0:value0 -x setting1:value1 -x setting2:value2 http://example.com/
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…