Tachyon : Fast Http Dead File Finder

Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data.

User Requirements

  • Linux
  • Python 3.5.2

User Installation

Install

$ mkdir tachyon
$ python3 -m venv tachyon/
$ cd tachyon
$ source bin/activate
$ pip install tachyon3
$ tachyon -h

Upgrading

$ cd tachyon
$ source bin/activate
$ pip install –ignore-installed –upgrade tachyon3

Usage

$ cd tachyon
$ source bin/activate
$ tachyon -h

Also Read – Aura Botnet : A Super Portable Botnet Framework With A Django-Based C2 Server

Developers Installation

$ git clone https://github.com/delvelabs/tachyon.git
$ mkdir tachyon
$ python3 -m venv tachyon/
$ source tachyon/bin/activate
$ cd tachyon
$ pip install -r requirements-dev.txt

Getting started

Note: if you have the source code version, replace tachyon with python3 -m tachyon in the examples below.

$ cd tachyon
$ source bin/activate

To run a discovery with the default settings:

tachyon http://example.com/

To run a discovery over a proxy:

tachyon -p http://127.0.0.1:8080 http://example.com/

To search for files only:

tachyon -f http://example.com/

To search for directories only:

tachyon -s http://example.com/

To output results to JSON format:

tachyon -j http://example.com/

Command Line Options

Usage: main.py [OPTIONS] TARGET_HOST
Options:
-a, –allow-download
-c, –cookie-file TEXT
-l, –depth-limit INTEGER
-s, –directories-only
-f, –files-only
-j, –json-output
-m, –max-retry-count INTEGER
-z, –plugins-only
-x, –plugin-settings TEXT
-p, –proxy TEXT
-r, –recursive
-u, –user-agent TEXT
-v, –vhost TEXT
-C, –confirmation-factor INTEGER
–har-output-dir TEXT
-h, –help Show this message and exit.

Format for the cookies file

cookie0=value0;
cookie1=value1;
cookie2=value2;

Plugins

Existing plugins:

  • HostProcessor: This plugin process the hostname to generate host and filenames relatives to it.
  • PathGenerator: Generate simple paths with letters and digits (ex: /0).
  • Robots: Add the paths in robots.txt to the paths database.
  • SitemapXML: Add paths and files found in the site map to the database.
  • Svn: Fetch /.svn/entries and parse for target paths.

Plugins settings

Settings can be pass to the plugins via the -x option. Each option is a key/value pair, with a colon joining the key and its value. Use a new -x for each setting.

tachyon -x setting0:value0 -x setting1:value1 -x setting2:value2 http://example.com/

R K

Recent Posts

WID_LoadLibrary : The Intricacies Of DLL Management In Windows

WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…

14 hours ago

Locksmith : A Tool For Securing Active Directory Certificate Services

Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…

15 hours ago

Uscrapper Vanta : A Cutting-Edge OSINT Tool For Advanced Data Extraction

Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…

15 hours ago

Pake : Transforming Webpages Into Desktop Applications

Pake is an innovative tool designed to convert any webpage into a desktop application with…

19 hours ago

Bevy : Exploring The Frontier Of Game Development With Rust

Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…

19 hours ago

AppFlowy Cloud : Enhancing Collaboration With Secure Cloud Infrastructure

AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…

2 days ago