___ ___ ___
/\ \ /\ \ /\__\
/::\ \ \:\ \ /::| |
/:/\:\ \ \:\ \ /:|:| |
/::\~\:\ \ /::\ \ /:/|:|__|__
/:/\:\ \:\__\ /:/\:\__\ /:/ |::::\__\\
\/__\:\/:/ / /:/ \/__/ \/__/~~/:/ /
\::/ / /:/ / /:/ /
/:/ / \/__/ /:/ /
/:/ / /:/ /
\/__/ \/__/
scripts by @9oelm https://github.com/9oelM
A set of AuToMation scripts for hacking.
The biggest difference of this repo, from other mainstreams, is that it has each functionality in separate shell script, usable for different purposes. The scripts don't have to run altogether, which would make the whole thing inflexible. Maybe you need to fuzz a single special target that you are concentrating on. Maybe there was something weird that you want to review again. Then you go into individual shell scripts.
If you don't want to install them all in your local machine, you could run a docker container by building the image from the dockerfile provided in this repo. Otherwise, please reference the installation steps in Dockerfile if you are willing to directly install them in your local machine.
git clone https://github.com/9oelm/atm.git
cd scripts
chmod u+x install.sh
sudo ./install.sh See under /scripts directory.
atm-beautify-js.sh
atm-clean-words.sh
atm-decode-base64.sh
atm-download-files-from-urls.sh
atm-filter-csv-by-status-code.sh
atm-find-crlf-injections.sh
atm-find-ext-urls.sh
atm-find-location-reflected-urls.sh
atm-find-non-binary-files.sh
atm-find-quick-subdomains.sh
atm-find-target-subdomains.sh
atm-find-urls.sh
atm-find-valid-urls.sh
atm-find-words-from-files.sh
atm-find-working-urls.sh
atm-generate-crlf-injection-payloads.sh
atm-ignore-long-lines.sh
atm-monkeypatch-ffuf-csv-output.sh
atm-parse-target-yml.sh
atm-process-ffuf-csv-output.sh
atm-run-preliminary-ffuf.sh
atm-sanitize-wordlist.sh
atm-search-binaryedge.sh
atm-send-many-mails.py
atm-send-simple-mail.py
atm-subtract-files.sh
atm-unique-and-randomize-api-wordlist.sh
Each shell script has its own -h (help) flag. Please look at /scripts directory.
- Notify progress if
TELEGRAM_CHATandTELEGRAM_TOKENare defined as environment variables (only in docker) - Automate creating payloads for and testing CRLF injection.
- Automate javascript files scanning and sensitive information disclosure
- Automate content discovery
- Automate finding reflected XSS
- Automate finding prototype pollution
- Automate finding SQL injection
- Automate finding open redirect
- Automate finding http parameters using tools like https://github.com/s0md3v/Arjun
- Integrate gospider into atm-find-urls.sh
- Docker build cache in Github actions
- https://github.com/cujanovic/Open-Redirect-Payloads/blob/master/Open-Redirect-payloads.txt
- https://github.com/omurugur/Open_Redirect_Payload_List/blob/master/Open-Redirect-Payload
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Variables/secret-keywords.txt
- https://github.com/m4ll0k/BBTz/blob/master/jsalert.py
- https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
use below code to get all slugs
const table = document.querySelector(`#article-contents > div > table:nth-child(21) > tbody`) [...table.children].map((tr) => [...tr.children][2].textContent).join('\n')
- https://gist.github.com/jhaddix/f64c97d0863a78454e44c2f7119c2a6a
- https://gist.github.com/jhaddix/b80ea67d85c13206125806f0828f4d10
- https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt
- https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/extensions.txt
- https://gist.github.com/nullenc0de/96fb9e934fc16415fbda2f83f08b28e7#file-content_discovery_nullenc0de-txt
- https://gist.github.com/nullenc0de/9cb36260207924f8e1787279a05eb773
- https://wordlists.assetnote.io/