Local-Hunter.com - Sebuah tools lengkap persembahan dari AlisamTechnology yang dinamakan sebagai ATSCAN menawarkan kelengkapan yang cukup untuk melakukan mass scanning pada website. Tujuan tools ini dibuat untuk memudahkan siapapun dalam melakukan aktivitas penetrasi testing dengan cara mengumpulkan informasi sebanyak mungkin atau biasa disebut infomartion gathering.
ATSCAN merupakan tools yang mampu mendeteksi sebuah web mulai dari Content Management System (CMS), melakukan port scanning, mendeteksi kerentanan bahkan bisa juga untuk melakukan exploitasi ke sebuah website jika bug tersebut terdeteksi valid oleh tools ini. Untuk informasi selengkapnya silakan membaca fitur-fitur istimewa dari ATSCAN.
| Codename: | 4n0n4t |
| AUTHOR: | Ali MEHDIOUI |
| GROUP: | Alisam@Technology |
Deskripsi
● Engines: Google Apis, Bing, Ask, Yandex, Sogou, Exalead, Shodan
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Mass Extern commands execution.
● EAuto Exploits .
● XSS / SQLI / LFI / AFD scanner.
● Filter wordpress & Joomla sites.
● Wordpress theme and plugin detection.
● Find Admin page.
● Decode / Encode Base64 / MD5
|
● Ports scan.
● Collect IPs
● Collect E-mails.
● Auto detect errors.
● Auto detect forms.
● Auto detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● IP Geolocation
● Issues and Exploit search
● Interactive and Normal interface.
● Regular Expressions
● Dork validation
|
| Perintah: |
| --help / -h |
Help. |
| --proxy |
Set tor proxy for scans [EX: --proxy "socks4://localhost:9050"]
Set proxy [EX: --proxy "http://12.45.44.2:8080"]
Set proxy list [EX: --proxy file] |
| --prandom |
Random proxy [EX: --prandom file] or --prandom "socks://localhost:9050"] |
| --motor / -m |
bing google ask yandex sogou exalead googleapis googlecache or all |
| --apikey |
Apikey |
| --cx |
Googleapis ID |
| --mrandom |
Random of given engines |
| --brandom |
Random all disponibles agents |
| --freq |
Random time frequency (in seconds) |
| --time |
set browser time out |
| --dork / -d |
Dork to search [Ex: house [OTHER]cars [OTHER]hotel]
|
| --target / -t |
Target |
| --level / -l |
Scan level (Number of results pages to scan) |
| --zone |
Search engine country. |
| --param / -p |
Set test parameter EX:id,cat,product_ID |
| --save / -s |
Output. |
| --source |
Html output file |
| --bugtraq |
Serach exploits and issues |
| --content |
Print request content |
| --data |
Post and Get forms. See examples |
| --vshell |
Validate by url ex: --HOST/shell.php or file |
| --post |
Use post method |
| --get |
Use get method |
| --header |
Set headers |
| --fullHeaders |
Print full request headers |
| --host |
Domain name [Ex: site.com] |
| --nobanner |
Hide tool banner |
| --beep |
Produce beep sound if positive scan found. |
| --ifend |
Produce beep sound when scan process is finished. |
| --noverbose |
No scan verbose. |
| --ping |
Host ping. |
| --limit |
Limit max positive scan results. |
| --valid / -v |
Validate by string at least 1 is matching |
| --validAll |
Validate all given strings |
| --status |
Validate by http header status |
| --server |
Validate by server |
| --ifinurl |
Get targets with exact string matching |
| --sregex |
Get targets with exact regex matching |
| --exclude |
Get targets where strings do not exist in html |
| --excludeAll |
Get targets where all strings do not exist in html |
| --unique |
Get targets with exact dork matching |
| --replace |
Replace exact string |
| --replaceFROM |
Replace from string to the end of target |
| --exp / -e |
Exploit/Payload will be added to full target |
| --expHost |
Exploit will be added to the host |
| --expIp |
Exploit will be added to the host ip |
| --xss |
Xss scan |
| --sql |
Sqli scan |
| --lfi |
Local file inclusion |
| --joomrfi |
Scan for joomla local file inclusion. |
| --shell |
Shell link [Ex: http://www.site.com/shell.txt] |
| --wpafd |
Scan wordpress sites for arbitrary file download |
| --admin |
Get site admin page |
| --shost |
Get site subdomains |
| --port |
port |
| --tcp |
TCP port |
| --udp |
UDP port |
| --getlinks |
Get target html links |
| --wp |
Wordpress site |
| --joom |
Joomla site |
| --zip |
Get zip files |
| --md5 |
Convert to md5 |
| --encode64 |
Encode base64 string |
| --decode64 |
decode base64 string
|
| --TARGET |
Will be replaced by target in extern command |
| --HOST |
Will be replaced by host in extern command |
| --HOSTIP |
Will be replaced by host IP in extern command |
| --PORT |
Will be replaced by open port in extern command |
| --ips |
Collect Ips |
| --geoloc |
Ip geolocalisation |
| --regex |
Crawl to get strings matching regex |
| --noquery |
Remove string value from Query url [ex: site.com/index.php?id=string] |
| --command / -c |
Extern Command to execute |
| --popup |
Execute Extern Command in new terminal window |
| --zoneH |
Upload to Zone-H |
| --saveCookie |
Cookies output file |
| --setCookies |
Cookie file |
| --email |
Collect emails |
| rang(x-y) |
EX: --expHost "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql
site.com/index.php?id=1 -> 9. |
| repeat(txt-y) |
EX: --expHost "/index.php?id=repeat(../-9)wp-config.php" --sql OR -t "site.com/index.php?id=../wp-config.php"
In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times |
| [OTHER] |
To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3 |
| --googleapi |
Google Apis |
| --shodan |
Shodan search |
| --count |
Search Shodan without Results |
| --count |
Search Shodan |
| --dnsreverset |
Shodan Reverse DNS Lookup |
| --dnsresolve |
Shodan Resolve DNS Lookup |
| --tokens |
String filters and parameters |
| --querysearch |
Search the directory of saved Shodan search queries |
| --query |
List the saved Shodan search queries |
| --querytags |
List the most popular Shodan tags |
| --myip |
List all services that Shodan crawls |
| --services |
List all services that Shodan crawls |
| --apinfo |
My Shodan API Plan Information |
| --ports |
List of port numbers that the crawlers are looking for |
| --protocols |
List all protocols that can be used when performing on-demand Internet scans via Shodan. |
| --honeyscore |
Calculates honeypot score ranging from 0 (not a honeypot) to 1.0 (is a honeypot) in shodan |
| --facets |
Shodan search facets |
| --update |
Update tool |
| --repair |
Repair or force tool update. |
| --tool / -? |
Tool info. |
| --config |
User configuration. |
| --interactive / -i |
Interactive mode interface. |
| --uninstall |
Uninstall Tool. |
|
Cara Install dan Penggunaan ATSCAN
Jika kamu menggunakan sistem operasi berbasis Linux mungkin penginstalan akan berjalan dengan mudah dan jarang sekali menemukan kesalahan pada kode. Akan tetapi, jika kamu saat ini menggunakan sistem operasi Windows maka ikuti step di bawah ini.
| Contoh: |
● PROXY:
Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050].
Proxy: Proxy: --proxy [proxy] Ex: http://12.32.1.5:8080
or --proxy file Ex: --proxy my_proxies.txt
● RANDOM:
Random proxy: --prandom [proxy file]
Random browser: --brandom
Random engine: --mrandom [ENGINES]
● SET HEADERS:
atscan --dork [dork / dorks.txt] --level [level] --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'"
atscan -t target --data "name=>username, email=>xxxxxx, pass=>xxxxx" --post --header "Authorization => 'Basic YWRtaW46YWRtaW4', keep_alive => '1'"
● SEARCH ENGINE:
Search: atscan --dork [dork] --level [level]
Search: atscan -d [dork] -l [level] --getlinks
Set engine: atscan --dork [dork] --level [level] -m bing or google,ask,yandex or all
Set selective engines: atscan -d [dork] -l [level] -m google,bing,..
Search with many dorks: atscan --dork dork1 [OTHER]dork2 [OTHER]dork3] --level [level]
Get Server wordpress sites: atscan -t [target] --wp
Search + output: atscan --dork [dorks.txt] --level [level] --save
Search + get emails: atscan -d [dorks.txt] -l [level] --email
Search + get site emails: atscan --dork site:site.com --level [level] --email
Search + get ips: atscan --dork [dork] --level [level] --ips
● REGULAR EXPRESSIONS:
Regex use: atscan [--dork [dork> / -t [target]] --level [level] --regex [regex]
IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){ 3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})'
● REPEATER:
atscan -t site.com?index.php?id=rang(1-10) --sql
atscan -t [target] --expHost "/index.php?id=rang(1-10)" --sql
atscan -t [target] --expHost "/index.php?id=repeat(../-9)wp-config.php"
● PORTS
atscan -t [ip] --port [port] [--udp / --tcp]
atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp]
atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command"
● ENCODE / DECODE:
Generate MD5: --md5 [string]
Encode base64: --encode64 [string]
Decode base64: --decode64 [string]
● DATA:
Data: atscan -t [target] --data "field1=>value1, field2=>value2, field3=>value3" [--post / --get /]
Exploit: --exp/expHost --data "field1=>value1, field2=>value2, field3=>value3" --vshell [shell path] -v [string] / --status [code] [--post / --get / --upload]
Wordlist: --data "field1=>value1, field2=>WORDLIST:" --vshell [shell path] -v [string] / --status [code] [--post / --get]
● EXTERNAL COMMANDS:
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET"
atscan --dork [dork / dorks.txt] --level [level] --command "file"
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST"
atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP"
atscan -d "index of /lib/scripts/dl-skin.php" -l 2 -m bing --command "php WP-dl-skin.php-exploit.php --TARGET"
atscan --shodan --search [string] --apikey [API KEY] -command [extern_command]
● MULTIPLE SCANS:
atscan --dork [dork> --level [10] --sql --lfi --wp ..
atscan --dork [dork> --level [10] --replace [string => new_string] --exp/expHost [payload] [--sql / --lfi / --wp /...]
atscan -t [ip] --level [10] [--sql / --lfi / --wp /...]
atscan -t [target] [--sql / --lfi / --wp /...]
● IP LOCALISATION:
atscan -t [ip/target] --geoloc
● SEARCH VALIDATION:
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file]
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/file]
atscan -d [dork / dorks.txt] -l [level] --status [code] / --exclude [string/file]
atscan -d [dork / dorks.txt] -l [level] --ifinurl [string]
atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string]
atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string]
atscan -d [dork / dorks.txt] -l [level] --unique
atscan -t [target / targets.txt] [--status [code] / --valid [string]
atscan -t [target / targets.txt] --vshell [file path]
atscan -d [dork / dorks.txt] -l [level] --exp/expHost [payload] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replaceFROM [string => new_string] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --exp/expHost [payload] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string]
atscan -t [target / targets.txt] --valid [string] --exclude [string]
● ZONE-H:
atscan -t [target / targets.txt] -v [string] --zoneH "notifier => --HOST/index.php"
● SEARCH EXPLOITS:
atscan --bugtraq -d [string] -l 1 EX: atscan --bugtraq -d wordpress -l 1
atscan --bugtraq -d file.txt -l 1
atscan --bugtraq -d [string] -l 1--limit 10
● GOOGLEAPIS SEARCH
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID]
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] -v [string]
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] --exp [exploit]
atscan --dork [string or file] -l 1 --apikey [API KEY] --cx [ID] [ANY APTION]
● SHODAN SEARCH
atscan --shodan --targget [ip or host or file] --apikey [API KEY]
atscan --shodan --dork [string or file] --apikey [API KEY]
atscan --shodan --dnsresolve [ip or host or file] --apikey [API KEY]
atscan --shodan --dnsrevese [ip or host or file] --apikey [API KEY]
atscan --shodan --count [query or file] --apikey [API KEY]
atscan --shodan --query --apikey [API KEY]
atscan --shodan --querysearch [query or file] --apikey [API KEY]
atscan --shodan --querytags --apikey [API KEY]
atscan --shodan --myip --apikey [API KEY]
atscan --shodan --apinfo --apikey [API KEY]
atscan --shodan --services --apikey [API KEY]
atscan --shodan --ports --apikey [API KEY]
atscan --shodan --tokens [string or file] --apikey [API KEY]
● UPDATE TOOL:
atscan --update
● UNINSTALL TOOL:
atscan --uninstall
● Support OS:
BlackArch Linux & Dragos Os & Dracos Linux & Kali Linux & Parrot OS & Linux Mint & Windows 7.
|
|
| Download & Install: |
● Download Strawberry Perl for Windows 5.32.1.1
● Ketik Edit the system environment variables di menu START Windows
● Kemudian, edit menu PATH di bagian System Variable
● Terapkan seperti ini: C:\Strawberry\perl\bin dan C:\Strawberry\c\bin
● Setelah itu ketik perintah di CMD git clone https://github.com/AlisamTechnology/ATSCAN
● cd ATSCAN
● bash install.sh
● Jalankan perintah perl atscan.pl
* Jangan lupa baca dokumentasi README StrawberryPerl jika ada kesalahan pada installasi
|
Dislaimer: AlisamTechnology dan LocalHunter tidak bertanggung jawab atas perbuatan yang dilakukan oleh pengguna yang berkaitan dengan tindakan melanggar hukum. Pembuatan artikel ini semata-mata hanya untuk edukasi.
Posting Komentar