Tachyon is a fast web application security reconnaissance tool.
It is specifically meant to crawl a web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data.
- Linux
- Python 3.6+
$ mkdir tachyon
$ python3 -m venv tachyon/
$ cd tachyon
$ source bin/activate
$ pip install tachyon3
$ tachyon -h$ cd tachyon
$ source bin/activate
$ pip install --ignore-installed --upgrade tachyon3$ cd tachyon
$ source bin/activate
$ tachyon -h$ git clone https://github.com/delvelabs/tachyon.git
$ mkdir tachyon
$ python3 -m venv tachyon/
$ source tachyon/bin/activate
$ cd tachyon
$ pip install -r requirements-dev.txtNote: if you have the source code version, replace tachyon with python3 -m tachyon in the examples below.
$ cd tachyon
$ source bin/activateTo run a discovery with the default settings:
tachyon http://example.com/To run a discovery over a proxy:
tachyon -p http://127.0.0.1:8080 http://example.com/To search for files only:
tachyon -f http://example.com/To search for directories only:
tachyon -s http://example.com/To output results to JSON format:
tachyon -j http://example.com/Usage: __main__.py [OPTIONS] TARGET_HOST
Options:
-a, --allow-download
-c, --cookie-file TEXT
-l, --depth-limit INTEGER
-s, --directories-only
-f, --files-only
-j, --json-output
-m, --max-retry-count INTEGER
-z, --plugins-only
-x, --plugin-settings TEXT
-p, --proxy TEXT
-r, --recursive
-u, --user-agent TEXT
-v, --vhost TEXT
-C, --confirmation-factor INTEGER
--har-output-dir TEXT
-h, --help Show this message and exit.
cookie0=value0;
cookie1=value1;
cookie2=value2;
- HostProcessor: This plugin processes the hostname to generate hosts and filenames relatives to it.
- PathGenerator: Generate simple paths with letters and digits (ex: /0).
- Robots: Add the paths in robots.txt to the paths database.
- SitemapXML: Add paths and files found in the site map to the database.
- Svn: Fetch /.svn/entries and parse for target paths.
Settings can be passed to the plugins via the -x option. Each option is a key/value pair, with a colon joining the key
and its value. Use a new -x for each setting.
tachyon -x setting0:value0 -x setting1:value1 -x setting2:value2 http://example.com/Most contributions are welcome. Simply submit a pull request on GitHub.
Instruction for contributors:
- Accept the contributor license agreement.
- Write tests for your code. Untested code will be rejected.
To report a bug or suggest a feature, open an issue.
Copyright 2019- Delve Labs inc.
This software is published under the GNU General Public License, version 2.