Tachyon is a Fast Multi-Threaded Web Discovery Tool

The main goal of tachyon is to help webadmins find leftover files in their

site installation, permission problems and web server configuration errors.

It is not a vulnerability scanner, or a web crawler.

It provides:
– Plugin support
– SSL support
– Tor support (trough privoxy)
– Robots.txt support
– Common directory lookup
– Fast Multi-Threaded execution
– Automatic variable rate limiter
– Recursive scanning

REQUIREMENTS
– A mainstream OS (Windows, Linux, Mac OS X)
– Python 2.7
– urllib3 1.1+ (~# easy_install urllib3)

HOW TO HELP (for sysadmins)
– Run tachyon on your domain
– Run a recursive directory listing of your domain (I don’t need to know what is the domain)
– Send me the result list and the directory listing

TODO:
– Add empty file detection/tagging
– Fix TOR support.
– Filter targets to remove duplicate scan
– Parseable output for GUI integration (better stats system for live stats)
– Add an match-string=404 mechanism for edge cases
– Add heuristic to limit false positives on recursive mode over bogus install (WEB-INF\***)
– Add callbacks method to plugins
– Support files in robots plugin
– Add support for non-xml /.svn/entries files
– Sitemap.xml plugin
Using tor
– Under Ubuntu:
– sudo apt-get install tor, privoxy
– open /etc/privoxy/conf, go to section 5.2, uncomment the line concerning Tor on localhost
– sudo service privoxy restart
– Enable the tor switch in tachyon
– Be patient, it will be a lot slower.

Download : Zipball  |  Tarball

Advertisements