Hey Folks, in this tutorial we will discuss on an interesting information gathering tool called “ATSCAN“. The tool specializes in gathering information about the domain name and also provides many features such as: vulnerability scanning, crawling, proxy, port port etc. You can understand a little about this tool through the given description.
Just you have to execute the following command and the tool will be automatically installed in your system.
git clone https://github.com/AlisamTechnology/ATSCAN.git
cd ATSCAN
bash install.sh
Simple 😛 !! Now the tool has been successfully configured in our system and we can check all available features in this tool by adding “-h” argument to our command.
atscan -h
This tool is very easy to use because we just have to add our target description after adding the argument “-t”.
Nice 🙂 !! As you can see it has dumped all the important details about the target such as public IP, server, cms details, plugins, versions of plugin and cms etc.
Usage 🙂 !! atscan -t < target URL >
We can dump all the email addresses available on the web application using the following command.
Usage 🙂 !! atscan -t < target > –email
atscan -t http://testphp.vulnweb.com --email
It will easily detect if the web application has the following types of vulnerability. Now we will try to find cross site scripting ( xss ) vulnerability in web application by using the following command.
Usage 🙂 !! atscan -t < target > –xss
atscan -t http://testphp.vulnweb.com/listproducts.php?cat=1 --xss
Hm 😛 !! It’s really work ! as you can see that it also gives us proof of concept.
Similarly we can point out sql injection vulnerability in web application by adding “--sql” argument to the command.
atscan -t http://testphp.vulnweb.com/listproducts.php?cat=1 --sql
That’s all 😛 !! Not only that because it gives us different types of facilities through which we can collect more information about the target.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
The security of your API should be one of the top priorities of companies. Without…
Hey Folks, In today's business world, it is essential to have an online presence. However,…
Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…
This website uses cookies.