• Stars: 264
• Rank: 155,103 (Top 4 %)
• Language: Python
• License: GNU General Publi...
• Created almost 3 years ago
• Updated 3 months ago

Repository Details

The Time Machine - Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not

A detailed description can be found in the blog post: https://anmolksachan.medium.com/the-time-machine-weaponizing-waybackurls-for-recon-bugbounties-osint-sensitive-endpoints-and-40889a03feeb

Introduction

You must have heard about time travel in movies, series and comics. Well, here we are. Nah, I'm not joking: you can travel back in time and fetch the endpoints from web applications to do further exploitation. Don't believe me? xD You will after travelling with TheTimeMachine. PS: it doesn't work offline, you need internet to travel in time xD.

I have created this tool to make my work easier when it comes to recon and fetching sensitive endpoints for sensitive data exposure and further exploitation, using waybackurls and sorting for sensitive endpoints. It also has an option to look for sensitive endpoints for information disclosure, and it has more capabilities, like looking for possible endpoints vulnerable to XSS, LFI, JIRA-based vulnerabilities and open redirection.

I'm not too much into bug bounty, but I recently managed HOF in NOKIA (it will soon be updated on the website, or is already there :P) and found a P1 with The Time Machine: https://bugcrowd.com/H4CK3R/crowdstream

It worked on multiple bug bounty programs; reports are still under review :P

Features

  1. Search for /api/ endpoints
  2. Search for JSON endpoints
  3. Fetch possible conf (configuration) endpoints
  4. All possible sensitive instances in URLs from TheTimeMachine (searches from the Fuzz list); you can also add your own custom list
  5. Fetches subdomains from waybackurls
  6. Search for a custom keyword of your choice, e.g. backup, .log etc.
  7. Attack Mode (searches for possibly vulnerable endpoints for SQLi, LFI, XSS, Open Redirect, WordPress, JIRA-based vulnerabilities, or via a custom file. PS: more to be added soon)
  8. Fetch only parameters from any file (e.g. one fetched from waybackurls, a file extracted in Attack Mode, or any URLs file; depending on how creative you are, it can also be used with a Burp spider file :P)
  9. You can manually edit all the files that are searched for XSS, LFI, Fuzz etc.
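
As an illustration of the sorting described in features 1, 2, 3, 5, 6 and 8, the sketch below buckets a saved list of archived URLs for a domain you are responsible for, so the exposed history can be reviewed and cleaned up. It is an added example, not TheTimeMachine's own code: the function name `triage`, the `CONFIG_HINTS` patterns and the sample URLs are assumptions constructed for this page.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed matching rules (not taken from TheTimeMachine's fuzz lists).
CONFIG_HINTS = ("conf", ".env", ".ini", ".yml", ".yaml")

def triage(urls, domain, keywords=()):
    """Bucket archived URLs for `domain` into review categories."""
    report = defaultdict(set)
    for raw in urls:
        parts = urlsplit(raw.strip())
        host = (parts.hostname or "").lower()
        # Skip anything outside the domain under review; a plain suffix
        # match would wrongly accept hosts such as notexample.com.
        if host != domain and not host.endswith("." + domain):
            continue
        path = parts.path.lower()
        if host != domain:
            report["subdomains"].add(host)
        if "/api/" in path:
            report["api"].add(raw)
        if path.endswith(".json"):
            report["json"].add(raw)
        if any(hint in path for hint in CONFIG_HINTS):
            report["config"].add(raw)
        # Parameter names only; blank values still count as a parameter.
        for name, _ in parse_qsl(parts.query, keep_blank_values=True):
            report["parameters"].add(name)
        for kw in keywords:
            if kw.lower() in raw.lower():
                report["keyword:" + kw].add(raw)
    return {bucket: sorted(items) for bucket, items in report.items()}

# Constructed sample input standing in for a saved archive listing.
SAMPLE = [
    "https://example.com/api/v1/users?id=7&sort=asc",
    "http://static.example.com/assets/app.js",
    "https://example.com/data/export.json",
    "https://dev.example.com/config/settings.yml",
    "https://example.com/old/site-backup.zip",
    "https://notexample.com/api/v1/ping",
    "https://example.com/search?q=&page=2",
]

if __name__ == "__main__":
    result = triage(SAMPLE, "example.com", ["backup", ".log"])
    for bucket, items in result.items():
        print(bucket, items)
```

Anything that lands in the `config` or keyword buckets is a candidate for removal from the live site and for credential rotation if the archived copy contained secrets.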

How to install and use

Note : Tested with python3 on Ubuntu/Kali/Windows

$ git clone https://github.com/anmolksachan/TheTimeMachine
$ cd TheTimeMachine
$ pip3 install -r requirements.txt
$ python thetimemachine.py

If you're not able to install from requirements.txt, run install.sh or install the dependencies manually with the commands below:

$ pip install numpy
$ pip install requests
$ pip install colorama
$ pip install termcolor

Example Run :

Note: the entered URL must look like domain.com or subdomain.domain.com; no http or https prefix is required.

$ python thetimemachine.py domain.com
$ python thetimemachine.py subdomain.domain.com
.. .. .. .. 
.. .. .. .. 
AND SO ON 

Add your own list of payloads

You can edit the available payload and Fuzz lists, or add your own entries to the text file you are interested in.

Contact

Shoot me a DM: @FR13ND0x7F

Special Thanks

@nihitjain11
@Shivam Saraswat

Note

There are none so far.

Want to support my work?

Give me a star on the repository or follow me @FR13ND0x7F, that's enough for me :P
