Skip to content

Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.

License

Notifications You must be signed in to change notification settings

CoolHandSquid/TireFire

Repository files navigation

TireFire

TireFire is an enumeration platform powered by HackTricks!

tweet

Contents

About

  • TireFire is an enumeration platform powered by HackTricks
  • Updated weekly from "HackTricks Automatic Commands" YAML code blocks in Hacktricks
  • Product of 19% Security Solutions

Philosophy

Where other enumeration tools are fire and forget (sometimes running hundreds of scans without your control), TireFire is semi-automatic, meaning that you initiate every scan. Scan control is a valuable trait because you

  • can limit your footprint
  • end with a convenient list of all scans sent from TireFire to the target
  • will gain more profitable experience on training boxes (OSCP, HTB, TryHackMe)
  • can approach network penetration tests with confidence and reliability

Demo

Tmux

TmuxRecon

Tilix

Tire Fire

Build and Kickoff

git clone https://github.com/CoolHandSquid/TireFire.git
cd TireFire
./Build.sh

#cd /dir/you/want/to/enumerate/from
TireFire x.x.x.x -i tmux #Chose "tmux" or "tilix" as your interface.

Methodology

  1. Kickoff TireFire (TireFire 10.10.10.5 -i tmux).
    alt text
  2. C-b w (Move into the TireFire tmux Session). alt text
  3. When prompted, type "Y" to kickoff a Quick, Banner, All-Port, and UDP nmap scan. alt text
  4. Notice that new windows were opened, kicking off those scans. Depending upon the ports returned, run scans for those ports. alt text
  5. Change variables as you need to suit your target (Example: HTTP running on port 8500). alt text

ProTips

  • Run multiple commands from a table at once by splitting the command numbers with commas. EX: 0,1,2 (Spaces and periods work as well) alt text
  • Tilix Specific ProTips
    • Ctrl+Z will bring you back to the main table Page.
    • Ctrl+PageUp/PageDown will allow you to peruse through open tabs.
    • Ctrl+S will split the screen.
    • Ctrl+T for a new tab.
    • Ctrl+h for help.

How To Contribute

What makes TireFire so powerful is the People! You can help contribute by sending a PR to book.hacktricks.xyz (into an existing HackTricks Automatic Commands YAML code block or create your own), or shooting an email to [email protected]. Simply follow this template when creating your own. Notice that

  • the title must be correct (It is used for parsing)
  • each entry has a different name
  • each entry has either a "Note" or a "Command" section. A Command section will get executed, where a Note section will only be read to screen
## HackTircks Automatic Commands

```text
Protocol_Name: DNS    #Protocol Abbreviation if there is one.
Port_Number:  53     #Comma separated if there is more than one.
Protocol_Description: Domain Name Service        #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for DNS
  Note: |
    #These are the commands I run every time I see an open DNS port

    dnsrecon -r 127.0.0.0/24 -n {IP} -d {Domain_Name}
    dnsrecon -r 127.0.1.0/24 -n {IP} -d {Domain_Name}
    dnsrecon -r {Network}{CIDR} -n {IP} -d {Domain_Name}
    dig axfr @{IP}
    dig axfr {Domain_Name} @{IP}
    nslookup
        SERVER {IP}
        127.0.0.1
        {IP}
        Domain_Name
        exit

    https://book.hacktricks.xyz/pentesting/pentesting-dns

Entry_2:
  Name: Banner Grab
  Description: Grab DNS Banner
  Command: dig version.bind CHAOS TXT @DNS

TireFire Meta Language

&&&&
&&&& Anywhere in the command will split the line and start each command individually in separate tabs.
Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open.

?
"?" is for sending a question to the user. The response will be set to a numbered variable.
You can send multiple lines of questions for numerous variables.
Example:
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
?What is a known password you would like to brute force?
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e 

{}
{} is for grabbing a variable from TireFire.
Available variables are:
  IP
  Network
  CIDR
  Domain_Name
  Naming_Context
  Web_Proto
  Web_Port
  Username
  Password
  Big_Passwordlist
  Small_Passwordlist
  Big_Dirlist
  Small_Dirlist
  Tool_Dir
The current variable values can be viewed in the variables table.

Supporters

Stargazers repo roster for @CoolHandSquid/TireFire Forkers repo roster for coolhandsquid/TireFire

Contact

Please contact me at [email protected] for contributions, suggestions, and ideas!

Back to top

About

Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •