You've heard of time travel in movies and comics, right? Well, this isn't fiction anymore. TheTimeMachine lets you dig through the past of any web app by scraping archived URLs from the Wayback Machine, and helps you find sensitive, forgotten, or deprecated endpoints for further exploitation.

Whether you're into bug bounty, red teaming, or just love good ol' recon, this tool was built to make my recon workflow faster, cleaner, and more effective. No more juggling multiple scripts: TheTimeMachine does it all in one shot.

This isn't just another Wayback scraper. Here's what TheTimeMachine brings to the table:

- Archived URL Fetching: Pull historical URLs from Wayback Machine.
- Backup File Detection: Find `.zip`, `.bak`, `.sql`, `.tar.gz`, `.old`, and other juicy files.
- Attack Mode: Scan for vulnerable endpoints using patterns/signatures:
  - XSS
  - SQLi
  - LFI
  - Open Redirects
  - WordPress Vulns
  - JIRA-based misconfig
- GET Parameter Mapping: Map every GET parameter to where it appears. (Great for fuzzing automation.)
- JWT Detection: Detect and decode JWTs embedded in archived URLs.
- Directory Listing Detection: Find open indexed directories.
- Subdomain Enumeration: Pull subdomains seen in archived data.
- Keyword Search: Search custom keywords like `config`, `backup`, `.log`, etc.
- Custom Payload Lists: Use your own fuzz list or signatures for custom scans.

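
What the JWT detection feature listed above amounts to, as an added example that is not TheTimeMachine's own code: it finds JWT-shaped strings in a list of URLs, decodes header and payload without verifying the signature, and reports whether each token has expired, which tells the site owner which leaked tokens still need revoking. The function names, the `now` parameter and the sample URLs are assumptions constructed for illustration.

```python
import base64
import json
import re
from urllib.parse import unquote

# Header and payload are base64url JSON objects, so both start with "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _decode(segment):
    """Decode one base64url segment (padding restored) to a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def find_jwts(urls, now):
    """Report JWTs in URLs. Tokens are decoded only, never verified."""
    findings = []
    for url in urls:
        for token in JWT_RE.findall(unquote(url)):
            header_b64, payload_b64 = token.split(".")[:2]
            try:
                header, payload = _decode(header_b64), _decode(payload_b64)
            except ValueError:  # bad base64, bad UTF-8 or bad JSON
                continue
            exp = payload.get("exp")
            findings.append({
                "url": url,
                "alg": header.get("alg"),
                "claims": sorted(payload),
                "expired": isinstance(exp, (int, float)) and exp < now,
            })
    return findings

def _make_token(header, payload):
    """Build an unsigned sample token (constructed test data)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.c2lnbmF0dXJl"

NOW = 1_700_000_000  # fixed "current time" so the result is reproducible
SAMPLE_URLS = [  # constructed input, not real archive data
    "https://example.com/reset?token=" + _make_token({"alg": "HS256"}, {"sub": "u1", "exp": 1_600_000_000}) + "&x=1",
    "https://example.com/cb?jwt=" + _make_token({"alg": "RS256"}, {"sub": "u2"}),
    "https://example.com/img/eyJxxx.eyJyyy.zzz",  # JWT-shaped but not decodable
]

if __name__ == "__main__":
    for finding in find_jwts(SAMPLE_URLS, NOW):
        print(finding)
```

A token with no `exp` claim is reported as not expired, so it stays on the revocation list until someone confirms otherwise.
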
Tested on Python 3 across Ubuntu/Kali/Windows.

```bash
git clone https://github.com/anmolksachan/TheTimeMachine
cd TheTimeMachine
pip3 install -r requirements.txt
```

```bash
python3 thetimemachine.py <target.com> [OPTIONS]
```

Note: Don't use `http://` or `https://` in the domain; just pass `domain.com` or `sub.domain.com`.

| Option | Description |
|---|---|
| `--fetch` | Fetch archived URLs from Wayback |
| `--backups` | Scan for exposed backup/config files |
| `--attack [type]` | Run attack mode (xss, sqli, lfi, redirect, jira, wp, custom) |
| `--jwt` | Detect & decode JWT tokens |
| `--subdomains` | Extract subdomains from historical URLs |
| `--parameters` | Extract GET parameters & map them to URLs |
| `--listings` | Detect open directory listings |

```bash
python3 thetimemachine.py example.com --fetch
python3 thetimemachine.py example.com --backups
python3 thetimemachine.py example.com --listings
python3 thetimemachine.py example.com --attack xss
python3 thetimemachine.py example.com --parameters
python3 thetimemachine.py example.com --jwt
```

```
usage: thetimemachine.py [-h] [--fetch] [--jwt] [--backups] [--subdomains] [--listings] [--attack {xss,sqli,lfi,redirect,jira,wp,fuzz}] [--menu]
                         [--parameters]
                         target
```

All results are neatly saved under the `content/` directory:

```
content/
└── example.com/
    ├── example.com_URLs.txt
    ├── example.com_xss.txt
    ├── example.com_sqli.txt
    ├── example.com_parameters.txt
    ├── example.com_subdomain.txt
    └── ...
```

You can fully customize the payloads for XSS, SQLi, fuzzing, etc. Just edit the respective `.txt` files inside the repo and fire away!

I'm not a full-time bug bounty hunter, but I needed a tool that'd do fast recon, find juicy endpoints, and give me enough leads to manually dig deeper. Got my HOF on multiple VDPs and bug bounty programs, including NOKIA, Mediatek, and more.

- Simple Recon on Android using TheTimeMachine + Dirsearch (Medium)
- Michel Kartner β YouTube
- @cyb_detective's Tweet

DMs are open: reach out to me on @FR13ND0x7F.

If this tool helped you, drop a star on the repo or follow me on Twitter. That's all I ask.

Author: Anmol K. Sachan | Twitter/ X: @FR13ND0x7F
Co-author: Chaudhary_S4h4b | Twitter/ X: @Chaudhary_S4h4b

Version 3.0 is under development. If you see any issues, please open an issue and we will be happy to take a look and fix it.

- `--menu` work is in progress; you can directly use `--attack` instead.
- `--backup` also needs to output archived URLs, similar to WayBackupFinder.