icon Book Free Consultation

Tishna-Automated Pentest Framework


Complete Automated pentest framework for Servers, Application Layer to Web Security. Tishna is Web Server Security Penetration Software for Ultimate Security Analaysis.

Supported OS: Kali, Parrot OS, Black Arch, Termux, Android Led TV.

Brief introduction:

Tishna software can audit, servers and web behaviour. Tishna is useful in Banks, Private Organisations and Ethical hacker personnel for legal auditing. Tishna can perform Scanning & Enumeration as much as possible of target. It’s first step to stop cyber criminals by securing your Servers and Web Application Security. Tishna is false positive free, when there is something it will show no matter what, if it is not, it will give blank results rather error.


  • git clone https://github.com/haroonawanofficial/Tishna.git

  • cd Tishna

  • sudo chmod u+x *.sh

  • ./Kali_Installer.sh

  • Tishna will integrate as system software


Run the command tishna in the terminal, which would start the tool. Choose the available options for performing the automated scan on the website or web application. There are more than 60 modules in the tools.

  • Audit HTTP Methods

  • Extract Response Header

  • Extract Images

  • Extract URLS

  • Identify Form

  • Find XSS in Forms Advanced Attack

  • Find XSS in Forms Simple Attack

  • Web Server Mount Response Splitting Attack

  • Header Inject Poison

  • Cache Poison Defacer

  • CRLF Response Splitting Attack & Fuzzer

  • HTTP Response Smuggling Fuzzing

  • Web Cache Deception Attack Check

  • HTTP Methods Information

  • Custom CSRF Injection Request

  • Load CSRF HTML Templates

  • Shell Shock

  • Cross Site Request Forgery Audit Toolkit

  • Find Available HTTP Methods  

  • Find XSS in Parameters using Screaming Cobra

  • Find Missing HTTPS Methods

  • Server Side Request Forgery

  • Find Available HTTPS Methods

  • Audit XML RPC Methods, Extract All Information

  • Cookie Stealer XSS Localhost Server

  • Command Inections Exploits

  • Show JSON Endpoint List

  • Perform Blind,Encoded,Responsive XXE Injection

  • Perform File Upload Injections

  • Perform Side Side Template Injection

  • Perform JSON Web Token Injection

  • Perform Web Socket Injection

  • Perform Amazon Bucket Injection 101 aws amazon

  • Extract Cnames Records for Hijacking

  • Insecure Direct Object Reference - BURP

  • Perform CSV Injection

  • Perform XPATH Injection


  • Find XPath and SQL Parameter Injection

  • Show TWO-Factor Authenitcation Payloads

  • Mutated XSS payloads

  • Stored XSS payloads

  • Reflected XSS payloads

  • Waf Bypass payloads

  • Find XSS Using Response Spliting

  • Extract Links - Advanced

  • Download Images - Exif Data

  • Simple Response Splitting Attack

  • Double Response Splitting Attack

  • HTTP Cache Poison Attack

  • HTTP Cache Inject Poison

  • HTTP Fuzzer

  • IP Obfuscating

  • RFI

  • LFI

  • Binary Buffer Overflow Finder

  • Stored and Reflected XSS Angular JS Payloads

  • Phantom JS XSS Payload Helper

  • Agular JS Client Side Automatic XSS Finder

  • Session Hijacking Burp Method

  • OAUTH Injections

  • Bypass Firewall using DNS History