Hey Folks, in this tutorial we will discuss on an interesting information gathering tool called “ATSCAN“. The tool specializes in gathering information about the domain name and also provides many features such as: vulnerability scanning, crawling, proxy, port port etc. You can understand a little about this tool through the given description.
- Mass Dork Search
- Multiple instant scans.
- Mass Exploitation
- Use proxy.
- Ports scan.
- Collect IPs
- Collect E-mails.
- XSS / SQLI / LFI / AFD scanner.
Just you have to execute the following command and the tool will be automatically installed in your system.
git clone https://github.com/AlisamTechnology/ATSCAN.git
Simple 😛 !! Now the tool has been successfully configured in our system and we can check all available features in this tool by adding “-h” argument to our command.
This tool is very easy to use because we just have to add our target description after adding the argument “-t”.
Nice 🙂 !! As you can see it has dumped all the important details about the target such as public IP, server, cms details, plugins, versions of plugin and cms etc.
Usage 🙂 !! atscan -t < target URL >
We can dump all the email addresses available on the web application using the following command.
Usage 🙂 !! atscan -t < target > –email
atscan -t http://testphp.vulnweb.com --email
Find Vulnerability -XSS
It will easily detect if the web application has the following types of vulnerability. Now we will try to find cross site scripting ( xss ) vulnerability in web application by using the following command.
Usage 🙂 !! atscan -t < target > –xss
atscan -t http://testphp.vulnweb.com/listproducts.php?cat=1 --xss
Hm 😛 !! It’s really work ! as you can see that it also gives us proof of concept.
Find Vulnerability – SQL Injection
Similarly we can point out sql injection vulnerability in web application by adding “--sql” argument to the command.
atscan -t http://testphp.vulnweb.com/listproducts.php?cat=1 --sql
That’s all 😛 !! Not only that because it gives us different types of facilities through which we can collect more information about the target.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.