TireFire is an enumeration platform powered by HackTricks!
Where other enumeration tools are fire and forget (sometimes running hundreds of scans without your control), TireFire is semi-automatic, meaning that you initiate every scan. Scan control is a valuable trait because you
git clone https://github.com/CoolHandSquid/TireFire.git
cd TireFire
./Build.sh
#cd /dir/you/want/to/enumerate/from
TireFire x.x.x.x -i tmux #Choose "tmux" or "tilix" as your interface.
What makes TireFire so powerful is the People! You can help contribute by sending a PR to book.hacktricks.xyz (into an existing HackTricks Automatic Commands YAML code block or create your own), or shooting an email to coolhandsquid@gmail.com. Simply follow this template when creating your own. Notice that
Protocol_Name: DNS #Protocol Abbreviation if there is one.
Port_Number: 53 #Comma separated if there is more than one.
Protocol_Description: Domain Name Service #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for DNS
  Note: |
    #These are the commands I run every time I see an open DNS port
    dnsrecon -r 127.0.0.0/24 -n {IP} -d {Domain_Name}
    dnsrecon -r 127.0.1.0/24 -n {IP} -d {Domain_Name}
    dnsrecon -r {Network}{CIDR} -n {IP} -d {Domain_Name}
    dig axfr @{IP}
    dig axfr {Domain_Name} @{IP}
    nslookup
        SERVER {IP}
        127.0.0.1
        {IP}
        Domain_Name
        exit
    https://book.hacktricks.xyz/pentesting/pentesting-dns

Entry_2:
  Name: Banner Grab
  Description: Grab DNS Banner
  Command: dig version.bind CHAOS TXT @DNS
&&&&
&&&& anywhere in the command will split the line and start each command individually in a separate tab.
Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open.
?
"?" is for sending a question to the user. The response will be set to a numbered variable.
You can send multiple lines of questions for numerous variables.
Example:
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
?What is a known password you would like to brute force?
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e
{}
{} is for grabbing a variable from TireFire.
Available variables are:
IP
Network
CIDR
Domain_Name
Naming_Context
Web_Proto
Web_Port
Username
Password
Big_Passwordlist
Small_Passwordlist
Big_Dirlist
Small_Dirlist
Tool_Dir
The current variable values can be viewed in the variables table.
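An added example (not TireFire's own code): a Python checker a contributor could run over a Command value before submitting it, applying the &&&&, ? and {} rules described above. The function names, the joining of non-question lines into one command line, and the shell-quoting of substituted values are assumptions of this example.

```python
import re
import shlex

# Variable names listed on this page; anything else in {} is treated as a typo.
KNOWN_VARS = {
    "IP", "Network", "CIDR", "Domain_Name", "Naming_Context", "Web_Proto",
    "Web_Port", "Username", "Password", "Big_Passwordlist",
    "Small_Passwordlist", "Big_Dirlist", "Small_Dirlist", "Tool_Dir",
}
PLACEHOLDER = re.compile(r"\{(\w+)\}", re.ASCII)


def parse_command(text):
    """Return (questions, per-tab commands) for one Command value."""
    questions, body = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("?"):
            questions.append(line[1:].strip())
        elif line:
            body.append(line)
    # Assumption: remaining lines form one command line; &&&& splits it into tabs.
    tabs = [part.strip() for part in " ".join(body).split("&&&&")]
    return questions, [tab for tab in tabs if tab]


def lint(text):
    """List placeholder problems worth fixing before an entry is submitted."""
    questions, tabs = parse_command(text)
    problems = []
    for name in PLACEHOLDER.findall(" ".join(tabs)):
        if name.isdigit():
            if not 1 <= int(name) <= len(questions):
                problems.append(f"{{{name}}} has no matching ? question")
        elif name not in KNOWN_VARS:
            problems.append(f"{{{name}}} is not a listed variable")
    return problems


def expand(text, variables, answers):
    """Fill {Var} and {N}; values are shell-quoted so each stays one word."""
    problems = lint(text)
    if problems:
        raise ValueError("; ".join(problems))
    _, tabs = parse_command(text)
    values = {**variables, **{str(i): a for i, a in enumerate(answers, 1)}}
    return [PLACEHOLDER.sub(lambda m: shlex.quote(values[m.group(1)]), tab)
            for tab in tabs]


if __name__ == "__main__":
    # The &&&& example from this page; the address is a constructed value.
    print(expand("whoami &&&& id &&&& ifconfig", {"IP": "192.0.2.10"}, []))
```

Because answers to ? questions are typed by the operator and pasted into a shell command, quoting them keeps an answer containing spaces or shell metacharacters from changing what the command does.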
Please contact me at CoolHandSquid32@gmail.com for contributions, suggestions, and ideas!