TireFire is cool. HackTricks-Automatic-Commands is better. Check it out!
Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.
"The Metasploit of External Enumeration"
- Think Metasploit, but for external enumeration...
- TireFire is a scalable and straightforward platform to place your operational workflow.
- Based on the terminal emulator Tilix to give a GUI feel with the convenience of CLI.
- The database for TireFire (Main.csv) is easily altered to support your methodologies as they are substituted and appended.
- Great for HTB and OSCP like machines.
- TireFire is a product of 19% security solutions.
sudo TireFire 10.10.10.5
- Kickoff TireFire (TireFire 10.10.10.5).
- When prompted, type "Y" to kickoff a Quick, Banner, All-Port, and UDP nmap scan.
- Depending upon the ports returned, run scans for those ports.
- Choose lower numbered scans for the corresponding port and then higher ones as you need to get more specific.
- Change variables as you need to suit your target (Example: HTTP running on port 8500).
- Run multiple commands from a table at once by splitting the command numbers with commas. EX: 0,1,2 (Spaces and periods work aswell)
- Ctrl+Z will bring you back to the main TireFire Page.
- Ctrl+PageUp/PageDown will allow you to peruse through open tabs.
- Ctrl+S will split the screen.
- Ctrl+T for a new tab.
- Ctrl+h for help.
git clone https://github.com/CoolHandSquid/TireFire.git
cd TireFire
sudo ./Build.sh
- Open Main.csv with your favorite csv editor (I'm partial to ModernCSV and Excel).
- When adding a command, keep in mind Name, Port, and Description are for the primary display screen; Cmd_Name, Cmd_Description, Cmd_Command, Cmd_Comment, and SubDisplayOrder are for the secondary display screen.
- Cmd_Command has a few special characters including &&&&, #, ##, ?, and {}.
- &&&& Anywhere in the command will split the line and start each command individually in separate tabs.
- Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open.
- "#" is for sending yourself notes to another tab.
- "#" can be useful if you don't want to run a command, but you want to give yourself copy-paste notes for manual enumeration.
- Set only the first character of the line to # if you want variables to be evaluated.
- Set the first two characters of the line to ## if you do not want variables to be evaluated.
- "?" is for sending a question to the user. The responce will be set to a numbered variable.
- You can send multiple lines of questions for multiple variables.
- Example:
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
?What is a known password you would like to brute force?
wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e
- {} is for grabbing a variable from TireFire.
- Available variables can be viewed in the variables table.
Please contact me at [email protected] for contribution, suggestions, and ideas!