Tachyon : Fast Http Dead File Finder

Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data.

User Requirements

  • Linux
  • Python 3.5.2

User Installation

Install

$ mkdir tachyon
$ python3 -m venv tachyon/
$ cd tachyon
$ source bin/activate
$ pip install tachyon3
$ tachyon -h

Upgrading

$ cd tachyon
$ source bin/activate
$ pip install –ignore-installed –upgrade tachyon3

Usage

$ cd tachyon
$ source bin/activate
$ tachyon -h

Also Read – Aura Botnet : A Super Portable Botnet Framework With A Django-Based C2 Server

Developers Installation

$ git clone https://github.com/delvelabs/tachyon.git
$ mkdir tachyon
$ python3 -m venv tachyon/
$ source tachyon/bin/activate
$ cd tachyon
$ pip install -r requirements-dev.txt

Getting started

Note: if you have the source code version, replace tachyon with python3 -m tachyon in the examples below.

$ cd tachyon
$ source bin/activate

To run a discovery with the default settings:

tachyon http://example.com/

To run a discovery over a proxy:

tachyon -p http://127.0.0.1:8080 http://example.com/

To search for files only:

tachyon -f http://example.com/

To search for directories only:

tachyon -s http://example.com/

To output results to JSON format:

tachyon -j http://example.com/

Command Line Options

Usage: main.py [OPTIONS] TARGET_HOST
Options:
-a, –allow-download
-c, –cookie-file TEXT
-l, –depth-limit INTEGER
-s, –directories-only
-f, –files-only
-j, –json-output
-m, –max-retry-count INTEGER
-z, –plugins-only
-x, –plugin-settings TEXT
-p, –proxy TEXT
-r, –recursive
-u, –user-agent TEXT
-v, –vhost TEXT
-C, –confirmation-factor INTEGER
–har-output-dir TEXT
-h, –help Show this message and exit.

Format for the cookies file

cookie0=value0;
cookie1=value1;
cookie2=value2;

Plugins

Existing plugins:

  • HostProcessor: This plugin process the hostname to generate host and filenames relatives to it.
  • PathGenerator: Generate simple paths with letters and digits (ex: /0).
  • Robots: Add the paths in robots.txt to the paths database.
  • SitemapXML: Add paths and files found in the site map to the database.
  • Svn: Fetch /.svn/entries and parse for target paths.

Plugins settings

Settings can be pass to the plugins via the -x option. Each option is a key/value pair, with a colon joining the key and its value. Use a new -x for each setting.

tachyon -x setting0:value0 -x setting1:value1 -x setting2:value2 http://example.com/

Download
R K

Share
Published by
R K
Tags: httpTachyon
7 years ago

Recent Posts

Install Gitea Ubuntu: Complete Setup Guide for Developers

Managing source code efficiently is essential for modern software development, and Install Gitea Ubuntu is…

3 hours ago

Install Ruby Ubuntu – 3 Easy Ways to Set Up Ruby on Ubuntu 20.04

Ruby remains one of the most popular programming languages for web development, automation, and software…

4 hours ago

Plex Media Server Setup: Install and Configure on Ubuntu 20.04

A Plex Media Server Setup on Ubuntu 20.04 is one of the easiest ways to…

5 hours ago

Why Deploying AI Is Just the Beginning: The Case for Ongoing AI Operations Monitoring

Most enterprise AI programs treat deployment as the destination. The business case is built around…

23 hours ago

Bash Scripting Best Practices Every Beginner Should Know

Introduction Bash scripting is a powerful way to automate Linux tasks, but writing a script…

6 days ago

How To Create A Self-Signed SSL Certificate Using Bash And OpenSSL

Introduction A self-signed SSL certificate is a certificate that is created and signed by the…

6 days ago