ATSCAN SCANNER

Advanced Search / Dork / Mass Exploitation Scanner فاحص متقدم لبحث و استغلال الثغرات بالجملة

Alisam Technology is not responsible for any misuse, damage caused by this script or attacking targets without prior mutual consent! It is your responsibility to obey laws!

Codename:	4n0n4t
AUTHOR:	Ali MEHDIOUI
GROUP:	Alisam@Technology

★ Description:

● Engines: [Google apis cache] Bing Ask Yandex Sogou Exalead Shodan ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ● Use proxy. ● Random user agent. ● Random engine. ● Mass Extern commands execution. ● Exploits and issues search. ● XSS / SQLI / LFI / AFD scanner. ● Filter wordpress & Joomla sites. ● Wordpress theme and plugin detection. ● Find Admin page. ● Decode / Encode Base64 / MD5

● Ports scan. ● Collect IPs ● Collect E-mails. ● Auto detect errors. ● Auto detect forms. ● Auto detect Cms. ● Post data. ● Auto sequence repeater. ● Validation. ● Post and Get method ● IP Localisation ● Issues and Exploit search ● Interactive and Normal interface. ● And more...

★ Libreries to install:

Perl Required. Works in all platforms. Disponible in Blackarch and Dracos Linux.

★ Download:

● git clone https://github.com/AlisamTechnology/ATSCAN ● direct link: https://github.com/AlisamTechnology/ATSCAN

★ Permissions:

cd ATSCAN chmod +x ./atscan.pl

★ Installation:

chmod +x ./install.sh ./install.sh

★ Execution:

Portable Execution: perl ./atscan.pl Installed Tool Execution: atscan Menu: Applications > Web Application analysis > atscan

★ Repair Tool:

atscan --repair

★ Uninstall Tool:

atscan --uninstall

★ Commands:

--help / -h Help. --proxy Set tor proxy for scans [EX: --proxy "socks4://localhost:9050"] Set proxy [EX: --proxy "http://12.45.44.2:8080"] Set proxy list [EX: --proxy file] --prandom Random proxy [EX: --prandom file] or --prandom "socks://localhost:9050"] --motor / -m bing google ask yandex sogou exalead googleapis googlecache or all --apikey Apikey --cx Googleapis ID --mrandom Random of given engines --brandom Random all disponibles agents --freq Random time frequency (in seconds) --time set browser time out --dork / -d Dork to search [Ex: house [OTHER]cars [OTHER]hotel] --target / -t Target --level / -l Scan level (Number of results pages to scan) --zone Search engine country. --param / -p Set test parameter EX:id,cat,product_ID --save / -s Output. --source Html output file --bugtraq Serach exploits and issues --content Print request content --data Post and Get forms. See examples --vshell Validate by url ex: --HOST/shell.php or file --post Use post method --get Use get method --header Set headers --fullHeaders Print full request headers --host Domain name [Ex: site.com] --nobanner Hide tool banner --beep Produce beep sound if positive scan found. --ifend Produce beep sound when scan process is finished. --noverbose No scan verbose. --ping Host ping. --limit Limit max positive scan results. --valid / -v Validate by string at least 1 is matching --validAll Validate all given strings --status Validate by http header status --server Validate by server --ifinurl Get targets with exact string matching --sregex Get targets with exact regex matching --exclude Get targets where strings do not exist in html --excludeAll Get targets where all strings do not exist in html --unique Get targets with exact dork matching --replace Replace exact string --replaceFROM Replace from string to the end of target --exp / -e Exploit/Payload will be added to full target --expHost Exploit will be added to the host --expIp Exploit will be added to the host ip --sql Xss scan --lfi Local file inclusion --joomrfi Scan for joomla local file inclusion. --shell Shell link [Ex: http://www.site.com/shell.txt] --wpafd Scan wordpress sites for arbitrary file download --admin Get site admin page --shost Get site subdomains --port port --tcp TCP port --udp UDP port --getlinks Get target html links --wp Wordpress sites in the server --joom Joomla sites in the server --zip Get zip files --md5 Convert to md5 --encode64 Encode base64 string --decode64 decode base64 string --TARGET Will be replaced by target in extern command --HOST Will be replaced by host in extern command --HOSTIP Will be replaced by host IP in extern command --PORT Will be replaced by open port in extern command --ips Collect Ips --geoloc Ip geolocalisation --regex Crawl to get strings matching regex --noquery Remove string value from Query url [ex: site.com/index.php?id=string] --command / -c Extern Command to execute --popup Execute Extern Command in new terminal window --zoneH Upload to Zone-H --cookies Cookies output file --email Collect emails rang(x-y) EX: --expHost "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql site.com/index.php?id=1 -> 9. repeat(txt-y) EX: --expHost "/index.php?id=repeat(../-9)wp-config.php" --sql OR -t "site.com/index.php?id=../wp-config.php" In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times [OTHER] To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3 --googleapi Google Apis --shodan Shodan search --count Search Shodan without Results --count Search Shodan --dnsreverset Shodan Reverse DNS Lookup --dnsresolve Shodan Resolve DNS Lookup --tokens String filters and parameters --querysearch Search the directory of saved Shodan search queries --query List the saved Shodan search queries --querytags List the most popular Shodan tags --myip List all services that Shodan crawls --services List all services that Shodan crawls --apinfo My Shodan API Plan Information --ports List of port numbers that the crawlers are looking for --protocols List all protocols that can be used when performing on-demand Internet scans via Shodan. --honeyscore Calculates honeypot score ranging from 0 (not a honeypot) to 1.0 (is a honeypot) in shodan --facets Shodan search facets --update Update tool --repair Repair or force tool update. --tool / -? Tool info. --config User configuration. --interactive / -i Interactive mode interface. --uninstall Uninstall Tool.

★ Examples:

● PROXY: Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050]. Proxy: Proxy: --proxy [proxy] Ex: http://12.32.1.5:8080 or --proxy file Ex: --proxy my_proxies.txt ● RANDOM: Random proxy: --prandom [proxy file] Random browser: --brandom Random engine: --mrandom [ENGINES] ● SET HEADERS: atscan --dork [dork / dorks.txt] --level [level] --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'" atscan -t target --data "name=>username, email=>xxxxxx, pass=>xxxxx" --post --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'" ● SEARCH ENGINE: Search: atscan --dork [dork] --level [level] Search: atscan -d [dork] -l [level] --getlinks Set engine: atscan --dork [dork] --level [level] -m bing or google,ask,yandex or all Set selective engines: atscan -d [dork] -l [level] -m google,bing,.. Search with many dorks: atscan --dork dork1 [OTHER]dork2 [OTHER]dork3] --level [level] Get Server wordpress sites: atscan -t [target] --wp Search + output: atscan --dork [dorks.txt] --level [level] --save Search + get emails: atscan -d [dorks.txt] -l [level] --email Search + get site emails: atscan --dork site:site.com --level [level] --email Search + get ips: atscan --dork [dork] --level [level] --ips ● REGULAR EXPRESSIONS: Regex use: atscan [--dork [dork> / -t [target]] --level [level] --regex [regex] IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){ 3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})' ● REPEATER: atscan -t site.com?index.php?id=rang(1-10) --sql atscan -t [target] --expHost "/index.php?id=rang(1-10)" --sql atscan -t [target] --expHost "/index.php?id=repeat(../-9)wp-config.php" ● PORTS atscan -t [ip] --port [port] [--udp / --tcp] atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp] atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command" ● ENCODE / DECODE: Generate MD5: --md5 [string] Encode base64: --encode64 [string] Decode base64: --decode64 [string] ● DATA: Data: atscan -t [target] --data "field1=>value1, field2=>value2, field3=>value3" [--post / --get /] Exploit: --exp/expHost --data "field1=>value1, field2=>value2, field3=>value3" --vshell [shell path] -v [string] / --status [code] [--post / --get / --upload] Wordlist: --data "field1=>value1, field2=>WORDLIST:" --vshell [shell path] -v [string] / --status [code] [--post / --get] ● EXTERNAL COMMANDS: atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET" atscan --dork [dork / dorks.txt] --level [level] --command "file" atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST" atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP" atscan -d "index of /lib/scripts/dl-skin.php" -l 2 -m bing --command "php WP-dl-skin.php-exploit.php --TARGET" atscan --shodan --search [string] --apikey [API KEY] -command [extern_command] ● MULTIPLE SCANS: atscan --dork [dork> --level [10] --sql --lfi --wp .. atscan --dork [dork> --level [10] --replace [string => new_string] --exp/expHost [payload] [--sql / --lfi / --wp /...] atscan -t [ip] --level [10] [--sql / --lfi / --wp /...] atscan -t [target] [--sql / --lfi / --wp /...] ● IP LOCALISATION: atscan -t [ip/target] --geoloc ● SEARCH VALIDATION: atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file] atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file] atscan -d [dork / dorks.txt] -l [level] --status [code] / --exclude [string/file] atscan -d [dork / dorks.txt] -l [level] --ifinurl [string] atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string] atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string] atscan -d [dork / dorks.txt] -l [level] --unique atscan -t [target / targets.txt] [--status [code] / --valid [string] atscan -t [target / targets.txt] --vshell [file path] atscan -d [dork / dorks.txt] -l [level] --exp/expHost [payload] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string] atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replaceFROM [string => new_string] --status [code] / --valid [string] atscan -d [dorks.txt] -l [level] --replace [string => new_string] --exp/expHost [payload] --status [code] / --valid [string] atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string] atscan -t [target / targets.txt] --valid [string] --exclude [string] ● ZONE-H: atscan -t [target / targets.txt] -v [string] --zoneH "notifier => --HOST/index.php" ● SEARCH EXPLOITS: atscan --bugtraq -d [string] -l 1 EX: atscan --bugtraq wordpress -l 1 atscan --bugtraq -d file.txt -l 1 atscan --bugtraq -d [string] -l 1--limit 10 ● GOOGLEAPIS SEARCH atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] -v [string] atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] --exp [exploit] atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] [ANY APTION] ● SHODAN SEARCH atscan --shodan --targget [ip or host or file] --apikey [API KEY] atscan --shodan --dork [string or file] --apikey [API KEY] atscan --shodan --dnsresolve [ip or host or file] --apikey [API KEY] atscan --shodan --dnsrevese [ip or host or file] --apikey [API KEY] atscan --shodan --count [query or file] --apikey [API KEY] atscan --shodan --query --apikey [API KEY] atscan --shodan --querysearch [query or file] --apikey [API KEY] atscan --shodan --querytags --apikey [API KEY] atscan --shodan --myip --apikey [API KEY] atscan --shodan --apinfo --apikey [API KEY] atscan --shodan --services --apikey [API KEY] atscan --shodan --ports --apikey [API KEY] atscan --shodan --tokens [string or file] --apikey [API KEY] ● UPDATE TOOL: atscan --update ● UNINSTALL TOOL: atscan --uninstall ● THANKS TO: Blackarch linux & Dragos Os developers to incorporate my project in their systems.