ATSCAN - Server, Site and Dork Scanner

ATSCAN – Server, Site and Dork Scanner

July 16, 2017July 27, 2019 Comments Off

Atscan is a Perl script for finding vulnerabilities in servers and sites, as well as a dork scanner.

The tool contains the following

● Search engine Google / Bing / Ask / Yandex / Sogou
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Extern commands execution.
● XSS / SQLI / LFI / AFD scanner.
● Filter wordpress and Joomla sites in the server.
● Find Admin page.
● Decode / Encode Base64 / MD5
● Ports scan.
● Extract IPs
● Extract E-mails.
● Auto detect errors.
● Auto detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● And more…

★ Libraries to install:

Perl Required.
Works in all platforms. Disponible in Blackarch linux and Dracos systems.

★ Download:

● git clone https://github.com/AlisamTechnology/ATSCAN
● direct link: https://github.com/AlisamTechnology/ATSCAN

★ Permissions:

cd ATSCAN
chmod +x ./atscan.pl

★ Installation:

chmod +x ./install.sh
./install.sh

★ Execution:

Portable Execution: perl ./atscan.pl
Installed Tool Execution: atscan

★ Uninstall Tool:

atscan –uninstall

Screenshots:

Help Commands

–tor	tor proxy [DEFAULT:socks://localhost:9050] Change if needed!
–dork	Search engine
–mp	set number of page results to scan
–xss	Xss scan
–lfi	lfi scan
-t	Target
-l	List name
–exp	Set exploit
–valid	Text for validate results
–sqlmap	Sqlmaping xss results
–sqlmaptor	Sqlmaping xss results using tor proxy
–lfi	local file inclusion
–joomrfi	get joomla sites with rfi in the server
–shell	shell link [Ex: http://www.site.com/shell.txt]
–wpadf	get wordpress sites with arbitery file download in the server
–admin	get site admin page
–shost	get site subdomains
–ports	scan server ports
–start	start scan port
–end	end scan port
–tcp	tcp ports
–udp	udp ports
–all	complete mode
–basic	basic mode
–sites	sites in the server
–wp	wordpress sites in the server
–joom	joomla sites in the server
–upload	get sites with upload files in the server
–zip	get sites with zip files in the server
–st	string
–md5	convert to md5
–encode64	encode base64 string
–decode64	decode base64 string
–isup	check http status 200
–httpd	print site httpd version

EXAMPLES:

Simple search:

-s DORK –mp [number of page results to scan]
-s [DORK1,DORK2,DORK3..] –mp [number of page results to scan]
-s [DORK.txt] –mp [number of page results to scan from list]

Subscan from Serach Engine

Xss: –dork DORK –mp 1 –xss
Xss: –dork DORKS.TXT –mp 1 –xss
Lfi: –dork DORK –mp 1 –lfi
Search + Command: –dork DORK –mp VALUE –command ‘curl -v’ –TARGET

Validation

Xss: –dork DORK –mp 1 –xss –valid TEXT
Lfi: –dork DORK –mp 1 –lfi –valid TEXT
Xss: –dork DORK –mp 1 –xss –isup
Lfi: –dork DORK –mp 1 –xss –isup
Xss: –dork DORKS.TXT –mp 1 –xss –valid TEXT
Lfi: –dork DORKS.TXT –mp 1 –lfi –valid TEXT
Xss: –dork DORKS.TXT –mp 1 –xss –isup
Lfi: –dork DORKS.TXT –mp 1 –xss –isup

Use List / Target

Xss: -t TARGET –xss
Lfi: -l TARGET –lfi
Xss + Validation: -t TARGET –xss –valid TEXT
Lfi + Validation: -t TARGET –lfi –valid TEXT
Xss + Validation: -l list.txt –xss –isup
Lfi + Validation: -l list.txt –lfi –isup
Find admin page: -t TARGET –admin
Find subdomains: -t TARGET –shost

Server:

Get Server sites: -t IP –mp [VALUE] –sites
Get Server sites: -t IP.txt –mp [VALUE] –sites
Get Server wordpress sites: -t IP –mp [VALUE] –wp
Get Server joomla sites: -t IP –mp [VALUE] –joom
Get Server upload sites: -t IP –mp [VALUE] –upload
Get Server zip sites files: -t IP –mp [VALUE] –zip
WP Arbitry File Download: -t IP –mp [VALUE] –wpadf
Joomla RFI: -t IP –mp <1> –joomfri –shell SHELL LINK
Scan basic tcp (quick): -t IP –ports –basic –tcp
Scan basic udp basic (quick): -t IP –ports –basic –udp
Scan basic udp+tcp: -t IP –ports –basic –udp –tcp
Scan complete tcp: -t IP –ports –all –tcp
Scan complete udp: -t IP –ports –all –udp
Scan complete tcp+udp: -t IP –ports –all –udp –tcp
Scan rang tcp: -t IP –ports –start –end –tcp
Scan rang udp: -t IP –ports –start –end –udp
Scan rang udp + tcp: -t IP –ports –start VALUE –end VALUE –udp –tcp

Encode / Decode:

Generate MD5: -st STRING –md5
Encode base64: -st STRING –encode64
Decode base64: -st STRING –decode64