Tachyon – Fast Web Security Reconnaissance Tool

Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data.

Tachyon - Fast http Dead File Finder
Tachyon – Fast http Dead File Finder

Existing plugins:

  • HostProcessor: This plugin process the hostname to generate host and filenames relatives to it.
  • PathGenerator: Generate simple paths with letters and digits (ex: /0).
  • Robots: Add the paths in robots.txt to the paths database.
  • SitemapXML: Add paths and files found in the site map to the database.
  • Svn : Fetch /.svn/ entries and parse for target paths.

Settings can be pass to the plugins via the -x option . Each option is a key / value pair, with a colon joining the key and its value.

Some of the use cases are:

  • Run a discovery with the default settings.
  • Run a discovery over a proxy. This is using the -p option.
  • Search for files on the remote server. This is using the -f option
  • Search for directories on the remote server. This is using the -s option
  • Output the result to json file. This is using the -j option.

You can read more and download the tool over here: https://github.com/delvelabs/

Share