Awesome Open Source
Awesome Open Source

TireFire

Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.

"The Metasploit of External Enumeration"

tweet

Contents

About

  • Think Metasploit, but for external enumeration...
  • TireFire is a scalable and straightforward platform to place your operational workflow.
  • Based on the terminal emulator Tilix to give a GUI feel with the convenience of CLI.
  • The database for TireFire (Main.csv) is easily altered to support your methodologies as they are substituted and appended.
  • Great for HTB and OSCP like machines.
  • TireFire is a product of 19% security solutions.

Demo

Tire Fire

Kickoff

sudo TireFire 10.10.10.5

Methodology

  1. Kickoff TireFire (TireFire 10.10.10.5).
  2. When prompted, type "Y" to kickoff a Quick, Banner, All-Port, and UDP nmap scan.
  3. Depending upon the ports returned, run scans for those ports.
  4. Choose lower numbered scans for the corresponding port and then higher ones as you need to get more specific.
  5. Change variables as you need to suit your target (Example: HTTP running on port 8500).

ProTips

  • Run multiple commands from a table at once by splitting the command numbers with commas. EX: 0,1,2 (Spaces and periods work aswell) alt text
  • Ctrl+Z will bring you back to the main TireFire Page.
  • Ctrl+PageUp/PageDown will allow you to peruse through open tabs.
  • Ctrl+S will split the screen.
  • Ctrl+T for a new tab.
  • Ctrl+h for help.

Build

git clone https://github.com/CoolHandSquid/TireFire.git
cd TireFire
sudo ./Build.sh

Adding Modules

  • Open Main.csv with your favorite csv editor (I'm partial to ModernCSV and Excel).
  • When adding a command, keep in mind Name, Port, and Description are for the primary display screen; Cmd_Name, Cmd_Description, Cmd_Command, Cmd_Comment, and SubDisplayOrder are for the secondary display screen. alt text

Special Characters and Syntax

  • Cmd_Command has a few special characters including &&&&, #, ##, ?, and {}.

&&&&

  • &&&& Anywhere in the command will split the line and start each command individually in separate tabs.
  • Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open.

# and ##

  • "#" is for sending yourself notes to another tab.
  • "#" can be useful if you don't want to run a command, but you want to give yourself copy-paste notes for manual enumeration.
  • Set only the first character of the line to # if you want variables to be evaluated.
  • Set the first two characters of the line to ## if you do not want variables to be evaluated.

?

  • "?" is for sending a question to the user. The responce will be set to a numbered variable.
  • You can send multiple lines of questions for multiple variables.
  • Example:
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
?What is a known password you would like to brute force?
wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e 

{}

  • {} is for grabbing a variable from TireFire.
  • Available variables can be viewed in the variables table.

Supporters

Stargazers repo roster for @coolhandsquid/TireFire Forkers repo roster for coolhandsquid/TireFire

Contact

Please contact me at [email protected] for contribution, suggestions, and ideas!

Back to top


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (1,126,520
Hacking Tool (868
Pentest Tool (419
Enumeration (355
Oscp (183
Cyber (149
Related Projects