• We just launched and are currently in beta. Join us as we build and grow the community.

ATSCAN – Advance Web Application Scanner

Sgt.Smirk

Blockchain Architect
S
S Rep
0
0
0
Rep
0
S Vouches
0
0
0
Vouches
0
Posts
150
Likes
125
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 300 XP
Simple-Grid-Presentation-3.png


Hey Folks, in this tutorial we will discuss on an interesting information gathering tool called “ATSCAN“. The tool specializes in gathering information about the domain name and also provides many features such as: vulnerability scanning, crawling, proxy, port port etc. You can understand a little about this tool through the given description.

Facility
  • Mass Dork Search
  • Multiple instant scans.
  • Mass Exploitation
  • Use proxy.
  • Ports scan.
  • Collect IPs
  • Collect E-mails.
  • XSS / SQLI / LFI / AFD scanner.
  • More

Installation

Just you have to execute the following command and the tool will be automatically installed in your system.

git clone https://github.com/AlisamTechnology/ATSCAN.git
cd ATSCAN
bash install.sh123git clone
https://github.com/AlisamTechnology/ATSCAN.gitcd ATSCANbash install.sh

1-1.png


Simple 😛 !! Now the tool has been successfully configured in our system and we can check all available features in this tool by adding “-h” argument to our command.

atscan -h1atscan-h

2-1.png

Example

This tool is very easy to use because we just have to add our target description after adding the argument “-t”.

3-1.png


Nice 🙂 !! As you can see it has dumped all the important details about the target such as public IP, server, cms details, plugins, versions of plugin and cms etc.

Usage 🙂 !! atscan -t < target URL >

4-1.png

Dump Emails

We can dump all the email addresses available on the web application using the following command.

Usage 🙂 !! atscan -t < target > –email

atscan -t http://testphp.vulnweb.com --email1atscan-t
http://testphp.vulnweb.com --email

5-2.png

Find Vulnerability -XSS

It will easily detect if the web application has the following types of vulnerability. Now we will try to find cross site scripting ( xss ) vulnerability in web application by using the following command.

Usage 🙂 !! atscan -t < target > –xss

atscan -t http://testphp.vulnweb.com/listproducts.php?cat=1 --xss1atscan-t
http://testphp.vulnweb.com/listproducts.php?cat=1 --xss

6-1.png


Hm 😛 !! It’s really work ! as you can see that it also gives us proof of concept.

7-1.png

Find Vulnerability – SQL Injection

Similarly we can point out sql injection vulnerability in web application by adding “--sql” argument to the command.

atscan -t http://testphp.vulnweb.com/listproducts.php?cat=1 --sql1atscan-t
http://testphp.vulnweb.com/listproducts.php?cat=1 --sql

8-1.png


That’s all 😛 !! Not only that because it gives us different types of facilities through which we can collect more information about the target.

9-1.png
About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

434,910

313,635

313,644

T ta9abe
Top