TireFire is an enumeration platform powered by HackTricks!
- TireFire is an enumeration platform powered by HackTricks
- Updated weekly from "HackTricks Automatic Commands" YAML code blocks in Hacktricks
- Product of 19% Security Solutions
Where other enumeration tools are fire and forget (sometimes running hundreds of scans without your control), TireFire is semi-automatic, meaning that you initiate every scan. Scan control is a valuable trait because you
- can limit your footprint
- end with a convenient list of all scans sent from TireFire to the target
- will gain more profitable experience on training boxes (OSCP, HTB, TryHackMe)
- can approach network penetration tests with confidence and reliability
git clone https://github.com/CoolHandSquid/TireFire.git cd TireFire ./Build.sh #cd /dir/you/want/to/enumerate/from TireFire x.x.x.x -i tmux #Chose "tmux" or "tilix" as your interface. - Kickoff TireFire (TireFire 10.10.10.5 -i tmux).
- C-b w (Move into the TireFire tmux Session).
- When prompted, type "Y" to kickoff a Quick, Banner, All-Port, and UDP nmap scan.
- Notice that new windows were opened, kicking off those scans. Depending upon the ports returned, run scans for those ports.
- Change variables as you need to suit your target (Example: HTTP running on port 8500).
- Run multiple commands from a table at once by splitting the command numbers with commas. EX: 0,1,2 (Spaces and periods work as well)
- Tilix Specific ProTips
- Ctrl+Z will bring you back to the main table Page.
- Ctrl+PageUp/PageDown will allow you to peruse through open tabs.
- Ctrl+S will split the screen.
- Ctrl+T for a new tab.
- Ctrl+h for help.
What makes TireFire so powerful is the People! You can help contribute by sending a PR to book.hacktricks.xyz (into an existing HackTricks Automatic Commands YAML code block or create your own), or shooting an email to coolhandsquid@gmail.com. Simply follow this template when creating your own. Notice that
- the title must be correct (It is used for parsing)
- each entry has a different name
- each entry has either a "Note" or a "Command" section. A Command section will get executed, where a Note section will only be read to screen
## HackTircks Automatic Commands ```text Protocol_Name: DNS #Protocol Abbreviation if there is one. Port_Number: 53 #Comma separated if there is more than one. Protocol_Description: Domain Name Service #Protocol Abbreviation Spelled out Entry_1: Name: Notes Description: Notes for DNS Note: | #These are the commands I run every time I see an open DNS port dnsrecon -r 127.0.0.0/24 -n {IP} -d {Domain_Name} dnsrecon -r 127.0.1.0/24 -n {IP} -d {Domain_Name} dnsrecon -r {Network}{CIDR} -n {IP} -d {Domain_Name} dig axfr @{IP} dig axfr {Domain_Name} @{IP} nslookup SERVER {IP} 127.0.0.1 {IP} Domain_Name exit https://book.hacktricks.xyz/pentesting/pentesting-dns Entry_2: Name: Banner Grab Description: Grab DNS Banner Command: dig version.bind CHAOS TXT @DNS &&&& &&&& Anywhere in the command will split the line and start each command individually in separate tabs. Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open. ? "?" is for sending a question to the user. The response will be set to a numbered variable. You can send multiple lines of questions for numerous variables. Example: ?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php ?What is a known password you would like to brute force? wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e {} {} is for grabbing a variable from TireFire. Available variables are: IP Network CIDR Domain_Name Naming_Context Web_Proto Web_Port Username Password Big_Passwordlist Small_Passwordlist Big_Dirlist Small_Dirlist Tool_Dir The current variable values can be viewed in the variables table.
Please contact me at CoolHandSquid32@gmail.com for contributions, suggestions, and ideas!
