Hey Folks, in this tutorial we will discuss on an interesting information gathering tool called “ATSCAN“. The tool specializes in gathering information about the domain name and also provides many features such as: vulnerability scanning, crawling, proxy, port port etc. You can understand a little about this tool through the given description.

Facility

  • Mass Dork Search
  • Multiple instant scans.
  • Mass Exploitation
  • Use proxy.
  • Ports scan.
  • Collect IPs
  • Collect E-mails.
  • XSS / SQLI / LFI / AFD scanner.
  • More

Installation

Just you have to execute the following command and the tool will be automatically installed in your system.

Simple 😛 !! Now the tool has been successfully configured in our system and we can check all available features in this tool by adding “-h” argument to our command.

Example

This tool is very easy to use because we just have to add our target description after adding the argument “-t”.

Nice 🙂 !! As you can see it has dumped all the important details about the target such as public IP, server, cms details, plugins, versions of plugin and cms etc.

Usage 🙂 !! atscan -t < target URL >

Dump Emails

We can dump all the email addresses available on the web application using the following command.

Usage 🙂 !! atscan -t < target > –email

Find Vulnerability -XSS

It will easily detect if the web application has the following types of vulnerability. Now we will try to find cross site scripting ( xss ) vulnerability in web application by using the following command.

Usage 🙂 !! atscan -t < target > –xss

Hm 😛 !! It’s really work ! as you can see that it also gives us proof of concept.

Find Vulnerability – SQL Injection

Similarly we can point out sql injection vulnerability in web application by adding “--sql” argument to the command.

That’s all 😛 !! Not only that because it gives us different types of facilities through which we can collect more information about the target.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Leave a Reply