Add files via upload

README.md

@@ -11,7 +11,7 @@
 <table border="0" cellpadding="0" cellspacing="2" width="100%">
   <tr>
     <td width="100px" class="main2"><b>Tool:</b></td>
-    <td width="780px" class="main2"><b>ATSCAN V 13.3.0 </b></td>
+    <td width="780px" class="main2"><b>ATSCAN V 14.0.0 </b></td>
   </tr>
   <tr>
     <td width="100px" class="main2"><b>Codename:</b></td><td width="780px">4n0n4t</td>
@@ -254,8 +254,12 @@
       </tr> 
       <tr>
         <td width="200px" class="main">--valid / -v   </td>
-        <td class="main"> Validate by string </td>
-      </tr> 
+        <td class="main"> Validate by string at least 1 is matching</td>
+      </tr>
+      <tr>
+        <td width="200px" class="main">--all </td>
+        <td class="main"> Validate all given strings </td>
+      </tr>
       <tr>
         <td width="200px" class="main">--status  </td>
         <td class="main"> Validate by http header status </td>
@@ -269,12 +273,8 @@
         <td class="main"> Get targets with exact regex matching</td>
       </tr>
       <tr>
-        <td width="200px" class="main">--none </td>
-        <td class="main"> Get negative validation or engine regex matching</td>
-      </tr>
-      <tr>
-        <td width="200px" class="main">--notin </td>
-        <td class="main"> Get targets where string doesnot exist in html</td>
+        <td width="200px" class="main">--exclude </td>
+        <td class="main"> Get targets where strings do not exist in html</td>
       </tr>
       <tr>
         <td width="200px" class="main">--unique  </td>
@@ -521,9 +521,9 @@
        atscan --dork [dork] --level [10] [--lfi | --sql ..] --payload [payload | payloads.txt] <br/>
         <hr>
        &#x25cf; <b>SEARCH VALIDATION: </b><br/>
-       atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string] <br/>
-       atscan -d [dork / dorks.txt] -l [level] --status [code] --none (Positive when status does\'nt match)<br/>
-       atscan -d [dork / dorks.txt] -l [level] --status [code] / -v [string] / --ifinurl [string] / --sregex [regex] --none<br/>
+       atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/list.txt] <br/>
+       atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string/list.txt] --all <br/>
+       atscan -d [dork / dorks.txt] -l [level] --status [code] / --exclude [string/list.txt] <br/>
        atscan -d [dork / dorks.txt] -l [level] --ifinurl [string] <br/>
        atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string] <br/>
        atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string] <br/>

atscan.pl

@@ -67,31 +67,32 @@
 our (@c, @XSS, @LFI, @RFI, @ADFWP, @ADMIN, @SUBDOMAIN, @UPLOAD, @ZIP, @TT, @OTHERS, @AUTH, @ErrT, @DT, @DS, @cms, @SCAN_TITLE, @E_MICROSOFT, @E_ORACLE, @E_DB2, @E_ODBC, @E_POSTGRESQL, @E_SYBASE,
      @E_JBOSSWEB, @E_JDBC, @E_JAVA, @E_PHP, @E_ASP, @E_LUA, @E_UNDEFINED, @E_MARIADB, @E_SHELL, @strings, @browserlangs, @googleDomains, @Ids, @MsIds, @sys, @vary, @buildArrays, @dorks, @z, @ZT, 
      @userArraysList, @exploits, @data, @proxies, @aTsearch, @aTscans, @defaultHeaders, @userHeaders, @aTtargets, @aTcopy, @ports, @motor, @motors, @systems, @mrands, @allMotors, @V_WP, @V_JOOM, @V_TP, @V_SMF, @V_VB, @V_MyBB,
-     @V_CF, @V_DRP, @V_PN, @V_AT, @V_PHPN, @V_MD, @V_ACM, @V_SS, @V_MX, @V_XO, @V_OSC, @V_PSH, @V_BB2, @V_MG, @V_ZC, @V_CC5, @V_OCR, @V_XSS, @V_LFI,@V_TODO, @V_AFD, @TODO, @V_VALID, @ERR, @CMS)=();
+     @V_CF, @V_DRP, @V_PN, @V_AT, @V_PHPN, @V_MD, @V_ACM, @V_SS, @V_MX, @V_XO, @V_OSC, @V_PSH, @V_BB2, @V_MG, @V_ZC, @V_CC5, @V_OCR, @V_XSS, @V_LFI,@V_TODO, @V_AFD, @TODO, @V_VALID, @ERR, @CMS,
+     @validTexts, @notIns)=();
 
 ## TOP CONFIG
 require "$Bin/inc/top.pl";
 
 ## VARIABLES 
 our ($Version, $logoVersion, $scriptUrl, $logUrl, $ipUrl, $conectUrl, $script, $script_bac, $scriptbash, $paylNote, $psx, $V_EMAIL, $V_IP, $V_RANG, $V_SEARCH, $V_REGEX, $S_REGEX, $motor1, $motor2,
-     $motor3, $motor4, $motor5, $motorparam, $mrand, $pat2, $nolisting, $Hstatus, $validText, $noExist, $WpSites, $JoomSites, $xss, $lfi, $JoomRfi, $WpAfd, $adminPage, $subdomain, $mupload, $mzip,
+     $motor3, $motor4, $motor5, $motorparam, $mrand, $pat2, $nolisting, $Hstatus, $validText, $WpSites, $JoomSites, $xss, $lfi, $JoomRfi, $WpAfd, $adminPage, $subdomain, $mupload, $mzip,
      $eMails, $command, $mmd5, $mencode64, $mdecode64, $port, $mindex, $mdom, $Target, $exploit, $p, $tcp, $udp, $proxy, $prandom, $help, $output, $replace, $replaceFROM, $dork, $mlevel, $unique,
      $shell, $nobanner, $beep, $ifinurl, $noinfo, $motor, $timeout, $limit, $checkVersion, $searchIps, $regex, $searchRegex, $noQuery, $ifend, $uninstall, $post, $get, $brandom, $data, $payloads,
      $mrandom, $content, $scriptComplInstall, $scriptCompletion, $scriptInstall, $toolInfo, $config, $freq, $headers, $msource, $ping, $notIn, $expHost, $expIp, $zone, $validShell, $interactive,
-     $popup);
+     $popup, $all);
 
 ## ARGUMENTS
 use Getopt::Long qw(GetOptions);
 our %OPT;
-Getopt::Long::GetOptions(\%OPT, 'status=s'=>\$Hstatus, 'valid|v=s'=>\$validText, 'none'=>\$noExist, 'wp'=>\$WpSites, 'joom'=>\$JoomSites, 'sql'=>\$xss, 'lfi'=>\$lfi, 'joomrfi'=>\$JoomRfi, 'wpafd'=>\$WpAfd,
+Getopt::Long::GetOptions(\%OPT, 'status=s'=>\$Hstatus, 'valid|v=s'=>\$validText, 'wp'=>\$WpSites, 'joom'=>\$JoomSites, 'sql'=>\$xss, 'lfi'=>\$lfi, 'joomrfi'=>\$JoomRfi, 'wpafd'=>\$WpAfd,
                          'admin'=>\$adminPage, 'shost'=>\$subdomain, 'upload'=>\$mupload, 'zip'=>\$mzip, 'email'=>\$eMails, 'command|c=s'=>\$command, 'md5=s'=>\$mmd5, 'encode64=s'=>\$mencode64,
                          'decode64=s'=>\$mdecode64, 'port=s'=>\$port, 'index'=>\$mindex, 'host'=>\$mdom, 't|target=s'=>\$Target, 'exp|e=s'=>\$exploit, 'p|param=s'=>\$p, 'tcp'=>\$tcp, 'udp'=>\$udp, 
                          'proxy=s'=>\$proxy, 'proxy-random=s'=>\$prandom, 'help|h'=>\$help, 'save|s=s'=>\$output, 'replace=s'=>\$replace, 'replaceFROM=s'=>\$replaceFROM, 'dork|d=s'=>\$dork, 'level|l=s'=>\$mlevel,
                          'unique'=>\$unique, 'shell=s'=>\$shell, 'nobanner'=>\$nobanner, 'beep'=>\$beep, 'ifinurl=s'=>\$ifinurl, 'noinfo'=>\$noinfo, 'm|motor=s'=>\$motor, 'timeout=s'=>\$timeout,
                          'limit=s'=>\$limit, 'update'=>\$checkVersion, 'ip'=>\$searchIps, 'regex=s'=>\$regex, 'sregex=s'=> \$searchRegex, 'noquery'=> \$noQuery, 'ifend'=>\$ifend,
                          'uninstall'=> \$uninstall, 'post'=>\$post, 'get'=>\$get, 'b-random'=>\$brandom, 'data=s'=>\$data, 'payload=s'=>\$payloads, 'm-random'=>\$mrandom, 'content'=>\$content,
-                         'tool|?'=>\$toolInfo, 'pass|config'=>\$config, 'freq=s'=>\$freq, 'header=s'=>\$headers, 'source=s'=>\$msource, 'ping'=>\$ping, 'notin=s'=>\$notIn, 'expHost=s'=>\$expHost,
-                         'expIp=s'=>\$expIp, 'zone=s'=>\$zone, 'interactive'=>\$interactive, 'vshell=s'=>\$validShell, 'popup'=>\$popup) or badArgs();
+                         'tool|?'=>\$toolInfo, 'pass|config'=>\$config, 'freq=s'=>\$freq, 'header=s'=>\$headers, 'source=s'=>\$msource, 'ping'=>\$ping, 'exclude=s'=>\$notIn, 'expHost=s'=>\$expHost,
+                         'expIp=s'=>\$expIp, 'zone=s'=>\$zone, 'interactive'=>\$interactive, 'vshell=s'=>\$validShell, 'popup'=>\$popup, 'all'=>\$all) or badArgs();
 
 ## CHOMP ARGS STRINGS
 our @toChomp=($Hstatus, $validText, $command, $mmd5, $mencode64, $mdecode64, $port, $Target, $exploit, $p, $proxy, $prandom, $output,

inc/conf/atscan

@@ -7,9 +7,9 @@ _atscan()
     COMPREPLY=()
     cur="${COMP_WORDS[COMP_CWORD]}"
     prev="${COMP_WORDS[COMP_CWORD-1]}"
-    opts="-v -s -e -h -l -d -p -t -m -c --interactive --target --source --motor --config --ping --freq --status --zone --none --notin --expHost --expIp --valid --tool --wp --joom --sql --lfi --joomrfi
+    opts="-v -s -e -h -l -d -p -t -m -c --interactive --target --source --motor --config --ping --freq --status --zone --exclude --expHost --expIp --valid --tool --wp --joom --sql --lfi --joomrfi
     --wpafd --admin --shost --upload --zip --email --command --md5 --encode64 --decode64 --port --index --host --exp --tcp --udp --full --proxy --proxy-random --help --save --replace --with --dork
-    --level --unique --shell --nobanner --beep --ifinurl --noinfo --time --limit --update --ip --regex --sregex --noquery --ifend --uninstall --post --get --b-random --data --payload --m-random
+    --level --unique --shell --nobanner --all --beep --ifinurl --noinfo --time --limit --update --ip --regex --sregex --noquery --ifend --uninstall --post --get --b-random --data --payload --m-random
     --content --source --popup"
 
     if [[ ${cur} == -* ]] ; then

inc/conf/configure.pl

@@ -12,7 +12,7 @@
 our ($Version, $logoVersion, $scriptUrl, $logUrl, $ipUrl, $conectUrl, $script, $scriptInstall, $script_bac, $scriptbash, $scriptv, $scriptCompletion, $scriptComplInstall, $readme, $uplog,
      $replace, $replaceFROM);
 
-$Version="13.3.0";
+$Version="14.0.0";
 $logoVersion="V $Version";
 $scriptUrl="https://raw.githubusercontent.com/AlisamTechnology/ATSCAN/master/atscan.pl";
 $logUrl="https://raw.githubusercontent.com/AlisamTechnology/ATSCAN/master/inc/conf/version.log";

inc/conf/main.pl

@@ -5,7 +5,8 @@
 ## Copy@right Alisam Technology see License.txt
 
 our (@TODO, @V_WP, @V_JOOM, @XSS, @V_XSS, @LFI, @V_LFI, @E_SHELL, @ADFWP, @V_AFD, @ADMIN, @V_TODO, @SUBDOMAIN, @UPLOAD, @ZIP, @SCAN_TITLE, @RFI, @c, @DT); 
-our ($paylNote, $V_EMAIL, $V_IP, $V_REGEX, $command, $mmd5, $mencode64, $mdecode64, $mlevel, $Target, $dork, $noExist, $Hstatus, $validText, $data);
+our ($paylNote, $V_EMAIL, $V_IP, $V_REGEX, $command, $mmd5, $mencode64, $mdecode64, $mlevel, $Target, $dork, $Hstatus, $validText,
+     $data);
 
 ## PRINT ENGINE RESULTS
 sub printSearch {
@@ -17,7 +18,7 @@ sub printSearch {
     print $c[3]."[i] ".scalar(grep { defined $_} @aTsearch)." $DT[4]\n";
     my $k=getK(0, 0);
     if (!$k) {
-      if (defined $noExist || defined $Hstatus || defined $validText) {
+      if (defined $Hstatus || defined $validText) {
         ptak(); print $c[11]."[!] ";timer(); print " ::: STARTING VALIDATION PROCESS SCAN.. :::\n";
       }
       makeSscan("", "", "", \@TODO, \@V_TODO, "", "", "1", "", "", "", "", "", "1");

inc/conf/version.log

@@ -1,6 +1,6 @@
-ATSCAN SCANNER VERSION 13.3.0 RELEASE
+ATSCAN SCANNER VERSION 14.0.0 RELEASE
 =====================================================
-  CHANGES: 14/11/2018
-  - Optimization.
+  CHANGES: 16/11/2018
+  - Add multiple validation.
   - Enjoy!
   =================

inc/errors/useErrors.pl

@@ -112,12 +112,4 @@ sub advise_no_file {
   print $c[2]."[!] Cannot whrite in $no_file !\n"; logoff();
 }
 
-## Negative scans
-our $noExist;
-if (defined $noExist) {
-  if (!defined $Hstatus && !defined $validText && !defined $ifinurl && !defined $searchRegex){
-    print $c[4]."[!] You cannot use --none command here! Use -h for help\n"; logoff();
-  }  
-}
-
 1;

inc/funcs.pl

@@ -7,8 +7,8 @@
 
 ## FUNCTS
 our ($payloads, $exploit, $expHost, $data, $mlevel, $dork, $Target, $V_RANG, $noQuery, $mdom, $replace, $replaceFROM, $unique, $ifinurl, $pat2, $limit, $port, $output, $ifend, $ipUrl, $noinfo,
-     $V_IP, $expIp, $interactive, $command, $uplog, $validShell);
-our (@aTscans, @userArraysList, @exploits, @dorks, @aTsearch, @aTcopy, @aTtargets, @c, @OTHERS, @DS, @DT, @TT, @proxies, @ErrT, @defaultHeaders, @userHeaders);
+     $V_IP, $expIp, $interactive, $command, $uplog, $validShell, $validText, $notIn, $all);
+our (@aTscans, @userArraysList, @exploits, @dorks, @aTsearch, @aTcopy, @aTtargets, @c, @OTHERS, @DS, @DT, @TT, @proxies, @ErrT, @defaultHeaders, @userHeaders, @validTexts, @notIns);
 
 ## USER PRE-CONFIGURATION
 our($userSetting, $proxy, $prandom, $password, $brandom, $mrandom, $zone, $motor, $nobanner, $beep, $timeout, $dateupdate, $freq, $method, $checkVersion, $get, $post, $scriptbash);
@@ -133,6 +133,10 @@ sub deletSetting {
 if (defined $expHost) { @exploits=buildArraysLists($expHost); }
 if (defined $expIp) { @exploits=buildArraysLists($expIp); }
 
+## VALIDATION ARRAYS
+if (defined $validText) { @validTexts=buildArraysLists($validText); }
+if (defined $notIn) { @notIns=buildArraysLists($notIn); }
+
 ## MAX POSITIVE SCAN RESULTS
 ## Change for more positive scans!!
 $limit="500" if !defined $limit;
@@ -547,23 +551,13 @@ sub checkFilters {
 ## GET FILTRED URLS
 sub filterUr {
   my ($URL, $dorkToCheeck)=@_;
-  our $noExist;
   my $U="";
-  if (defined $noExist) {
-    if (defined $unique || $unique) {
-      if (index($URL, $dorkToCheeck) == -1) { $U=$URL; }
-    }
-    if (defined $ifinurl) {
-      if (index($URL, $ifinurl) == -1) { $U=$URL; }
-    }
-  }else{
-    if (defined $unique || $unique) {
-      if (index($URL, $dorkToCheeck) != -1) { $U=$URL; }
-    }
-    if (defined $ifinurl) {
-      if (index($URL, $ifinurl) != -1) { $U=$URL; }
-    }
-  } 
+  if (defined $unique || $unique) {
+    if (index($URL, $dorkToCheeck) != -1) { $U=$URL; }
+  }
+  if (defined $ifinurl) {
+    if (index($URL, $ifinurl) != -1) { $U=$URL; }
+  }
   return $U;
 }
 
@@ -588,7 +582,7 @@ sub checkHeaders {
 ## END SCAN PROCESS
 sub subfin {
   our $ifend;
-  print $c[2]."[!] "; timer(); print " $DT[3]!\n";
+  print $c[4]."[!] "; timer(); print " $DT[3]!\n";
   if (defined $ifend || $ifend) { print chr(7); }
 }
 
@@ -602,13 +596,8 @@ sub countResultLists {
 ## SEARCH REGEX FILTER
 sub doRegex { 
   my $searchRegex=$_[0];
-  our $noExist;
   for my $URL(@aTsearch) {
-    if (defined $noExist) {
-      if ($URL!~/$searchRegex/) { saveCopy($URL); }
-    }else{
-      if ($URL=~/$searchRegex/) { saveCopy($URL); }
-    }
+    if ($URL=~/$searchRegex/) { saveCopy($URL); }
   }
 }
 
@@ -734,7 +723,7 @@ sub printProxy {
 sub Targs {
   our ($mindex, $Hstatus, $validText);
   my @Targs=($xss, $data, $lfi, $ifinurl, $WpSites, $Hstatus, $validText, $adminPage, $subdomain, $JoomRfi, $WpAfd, $mindex, $port, $mupload, $mzip, $JoomSites, $eMails, $searchIps,
-             $regex, $command, $ping, $interactive, $validShell);
+             $regex, $command, $ping, $interactive, $validShell, $notIn);
   my $Targ=0;
   for (@Targs) { $Targ++ if defined $_; }
   return $Targ;

inc/help.pl

@@ -85,9 +85,10 @@
   ."   atscan -d <dork | dorks.txt> -l <level> --unique \n\n";
 
   ltak(); print $c[12]."  SCAN VALIDATION: \n".$c[10]
-  ."   atscan -t <target | targets.txt> [--status <code> | --valid <string>] \n"
+  ."   atscan -t <target | targets.txt> [--status <code> | --valid <string> | --valid <list.txt>] \n"
+  ."   atscan -t <target | targets.txt> [--status <code> | --valid <string> --all] \n"
+  ."   atscan -t <target | targets.txt> [--status <code> | --exclude <string> | --exclude <list.txt>] \n"
   ."   atscan -t <target | targets.txt> --vshell <path> \n"
-  ."   atscan -t <target | targets.txt> [--status <code> | --valid <string> --none] \n"
   ."   atscan -d <dork | dorks.txt> -l <level> --exp/expHost <payload> --status <code> | --valid <string> \n"
   ."   atscan -d <dorks.txt> -l <level> --replace \"string \=\> new_string\" --status <code> | --valid <string> \n"
   ."   atscan -d <dork | dorks.txt> -l <level> [--admin | --sql ..] --status <code> | --valid <string> \n"  

inc/interactive/values.pl

@@ -44,12 +44,12 @@
 our %ARGUMENTSALL=("status"=>"status code", "valid"=>"content by string", "vshell"=>"validate by url", "exp"=>"exploit", "proxy"=>"use proxy", "proxy-random"=>"random proxy", "save"=>"output file",
                    "replace"=>"Exact string replace", "replaceFROM"=>"full string replace", "ifinurl"=>"valid url by string", "noquery"=>"remove query string", "b-random"=>"random browser",
                    "content"=>"response content", "expHost"=>"exploit host", "expIp"=>"exploit target ip", "timeout"=>"browser time out", "host"=>"host name");
-our @ARGUMENTSALL=('status', 'valid', '', 'exp', 'proxy', 'proxy-random', 'save', 'replace', 'replaceFROM', 'ifinurl', 'noquery', 'b-random', 'content', 'expHost', 'expIp', 'timeout', 'host');
+our @ARGUMENTSALL=('status', 'valid', 'vshell', 'exp', 'proxy', 'proxy-random', 'save', 'replace', 'replaceFROM', 'ifinurl', 'noquery', 'b-random', 'content', 'expHost', 'expIp', 'timeout', 'host');
 
 ## NOT REQUIRE A VALUE
-our @NoValRequierd=('none', 'host', 'tcp', 'udp', 'full', 'unique', 'nobanner', 'beep', 'noinfo', 'update', 'ip', 'noquery', 'ifend', 'post', 'get', 'b-random', 'm-random', 'content', 'ping',
+our @NoValRequierd=('host', 'tcp', 'udp', 'full', 'unique', 'nobanner', 'beep', 'noinfo', 'update', 'ip', 'noquery', 'ifend', 'post', 'get', 'b-random', 'm-random', 'content', 'ping',
                    'HOST', 'PORT', 'HOSTIP', 'TARGET', 'sql', 'lfi', 'wpafd', 'admin', 'index', 'wp', 'joom', 'zip', 'email', 'ip', 'ports', 'commands', 'form', 'search', 'normal',
-                   'advanced', 'joomrfi', 'shost', 'email', 'decrypt', 'nomodule', 'popup');
+                   'advanced', 'joomrfi', 'shost', 'email', 'decrypt', 'nomodule', 'popup', 'all');
 
 ## DATA ARGUMENTS
 our @INTERDataScan=('post', 'get', 'data', 'header', 'upload');
@@ -84,9 +84,9 @@
 our %ENGINEARGUMENTS=(%ENGINEARGUMENTS, %INTERdork, %INTERtarget, %INTERSearchScans, %INTERlevel);
 
 ## ADVANCED MODE
-our @INTERadvanced=("nobanner", "beep", "noinfo", "ifend", "freq", "regex", "sregex", "none", "notin", "source", "limit");
+our @INTERadvanced=("nobanner", "beep", "noinfo", "ifend", "freq", "regex", "sregex", "exclude", "all", "source", "limit");
 our %INTERadvanced=("nobanner"=>"hide banner", "beep"=>"beep sound", "noinfo"=>"hide target info", "ifend"=>"beep at end", "freq"=>"random frequency", "regex"=>"get matching regex",
-                    "sregex"=>"valid url by regex", "none"=>"negative validation", "notin"=>"no string in html", "source"=>"html output folder", "limit"=>"max positive scans");
+                    "sregex"=>"valid url by regex", "exclude"=>"negative validation", "all"=>"validate all", "source"=>"html output folder", "limit"=>"max positive scans");
 ##############################################################################################
 
 1;