ATSCAN – Server, Site and Dork Scanner

Atscan is a Perl script for finding vulnerabilities in servers and sites, as well as a dork scanner.

The tool contains the following

● Search engine Google / Bing / Ask / Yandex / Sogou
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Extern commands execution.
● XSS / SQLI / LFI / AFD scanner.
● Filter wordpress and Joomla sites in the server.
● Find Admin page.
● Decode / Encode Base64 / MD5
● Ports scan.
● Extract IPs
● Extract E-mails.
● Auto detect errors.
● Auto detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● And more…
★ Libraries to install:
Perl Required.
Works in all platforms. Disponible in Blackarch linux and Dracos systems.
● git clone
● direct link:
chmod +x ./
chmod +x ./
Portable Execution: perl ./
Installed Tool Execution: atscan
Uninstall Tool:
atscan –uninstall



Help Commands

–tor tor proxy [DEFAULT:socks://localhost:9050] Change if needed!
–dork Search engine
–mp set number of page results to scan
–xss Xss scan
–lfi lfi scan
-t Target
-l List name
–exp Set exploit
–valid Text for validate results
–sqlmap Sqlmaping xss results
–sqlmaptor Sqlmaping xss results using tor proxy
–lfi local file inclusion
–joomrfi get joomla sites with rfi in the server
–shell shell link [Ex:]
–wpadf get wordpress sites with arbitery file download in the server
–admin get site admin page
–shost get site subdomains
–ports scan server ports
–start start scan port
–end end scan port
–tcp tcp ports
–udp udp ports
–all complete mode
–basic basic mode
–sites sites in the server
–wp wordpress sites in the server
–joom joomla sites in the server
–upload get sites with upload files in the server
–zip get sites with zip files in the server
–st string
–md5 convert to md5
–encode64 encode base64 string
–decode64 decode base64 string
–isup check http status 200
–httpd print site httpd version
Simple search: 

-s DORK –mp [number of page results to scan]
-s [DORK1,DORK2,DORK3..] –mp [number of page results to scan]
-s [DORK.txt] –mp [number of page results to scan from list]

Subscan from Serach Engine

Xss: –dork DORK –mp 1 –xss
Xss: –dork DORKS.TXT –mp 1 –xss
Lfi: –dork DORK –mp 1 –lfi
Search + Command: –dork DORK –mp VALUE –command ‘curl -v’ –TARGET


Xss: –dork DORK –mp 1 –xss –valid TEXT
Lfi: –dork DORK –mp 1 –lfi –valid TEXT
Xss: –dork DORK –mp 1 –xss –isup
Lfi: –dork DORK –mp 1 –xss –isup
Xss: –dork DORKS.TXT –mp 1 –xss –valid TEXT
Lfi: –dork DORKS.TXT –mp 1 –lfi –valid TEXT
Xss: –dork DORKS.TXT –mp 1 –xss –isup
Lfi: –dork DORKS.TXT –mp 1 –xss –isup

Use List / Target

Xss: -t TARGET –xss
Lfi: -l TARGET –lfi
Xss + Validation: -t TARGET –xss –valid TEXT
Lfi + Validation: -t TARGET –lfi –valid TEXT
Xss + Validation: -l list.txt –xss –isup
Lfi + Validation: -l list.txt –lfi –isup
Find admin page: -t TARGET –admin
Find subdomains: -t TARGET –shost


Get Server sites: -t IP –mp [VALUE] –sites
Get Server sites: -t IP.txt –mp [VALUE] –sites
Get Server wordpress sites: -t IP –mp [VALUE] –wp
Get Server joomla sites: -t IP –mp [VALUE] –joom
Get Server upload sites: -t IP –mp [VALUE] –upload
Get Server zip sites files: -t IP –mp [VALUE] –zip
WP Arbitry File Download: -t IP –mp [VALUE] –wpadf
Joomla RFI: -t IP –mp <1> –joomfri –shell SHELL LINK
Scan basic tcp (quick): -t IP –ports –basic –tcp
Scan basic udp basic (quick): -t IP –ports –basic –udp
Scan basic udp+tcp: -t IP –ports –basic –udp –tcp
Scan complete tcp: -t IP –ports –all –tcp
Scan complete udp: -t IP –ports –all –udp
Scan complete tcp+udp: -t IP –ports –all –udp –tcp
Scan rang tcp: -t IP –ports –start –end –tcp
Scan rang udp: -t IP –ports –start –end –udp
Scan rang udp + tcp: -t IP –ports –start VALUE –end VALUE –udp –tcp

Encode / Decode: 

Generate MD5: -st STRING –md5
Encode base64: -st STRING –encode64
Decode base64: -st STRING –decode64


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: