TheTimeMachine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Related tags

Third-party APIs Wrappersjiraosintscannerxssautomatefuzzingparameterbugbountyfuzzerlfiopenredirect
Overview

The Time Machine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

TheTimeMachine

Detailed Description about this can be found here :

Read Blog here : Will write blog soon, if you wrote DM me with link :)

Introduction

I have created this tool for making my work easier when it comes to recon and fetching sensitive endpoints for sensitive data exposure and further exploitation using waybackurls and sorting for Sensitive endpoints, it has also option to look for sensitive endpoints for information disclosure, It has have more capabilities like looking for possible endpoints vulnerable to XSS, LFI, JIRA Based Vulnerability, Open Redirection.

I'm not too much into bug bounty but recently found P1 with The Time Machine : https://bugcrowd.com/H4CK3R/crowdstream

It worked on multiple bug bounty program, reports are still under review :P

How to install and use

Note : Tested with python3 on Ubuntu/Kali

$ git clone https://github.com/anmolksachan/TheTimeMachine
$ cd TheTimeMachine
$ pip3 install -m requirements.txt
$ python thetimemachine.py

Example Run :

Note : Entered URL must look like domain.com or subdomain.domain.com no http or https is required

$ python thetimemachine.py domain.com
$ python thetimemachine.py subdomain.domain.com
.. .. .. .. 
.. .. .. .. 
AND SO ON

enter image description here

Add your own list of payloads

you can edit multiple available payloads and Fuzz , 
Add your own in the interested text file !

Contact

Shoot my DM : @FR13ND0x7F

Special Thanks

@nihitjain11

Want to support my work?

Give me a Star in the repository, thats enough for me :P

You might also like...
This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

RwinShow 57 Dec 18, 2022
Script for polybar to display and control media(not only Spotify) using DBus.
Script for polybar to display and control media(not only Spotify) using DBus.

polybar-now-playing Script for polybar to display and control media(not only Spotify) using DBus Python script to display and control current playing

Dope Wizard 48 Dec 31, 2022
CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targetAccountIds attribute of the EC2 Image Builder AMI distribution settings which is not currently supported (as of October 2021) in CloudFormation or CDK.
CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targetAccountIds attribute of the EC2 Image Builder AMI distribution settings which is not currently supported (as of October 2021) in CloudFormation or CDK.

ec2-imagebuilder-ami-share CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targe

AWS Samples 2 Oct 22, 2022
A wrapper for The Movie Database API v3 and v4 that only uses the read access token (not api key).

fulltmdb A wrapper for The Movie Database API v3 and v4 that only uses the read access token (not api key). Installation Use the package manager pip t

Jacob Hale 2 Sep 26, 2021
Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

Member-Booster Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

Mintyz 1 Dec 28, 2021
CLI tool that checks who does and who does not follow you back on Instagram

CLI tool that checks who does and who does not follow you back on Instagram. It also checks who you don't follow back on Instagram.

Ayushman Roy 3 Dec 2, 2022
Python JIRA Library is the easiest way to automate JIRA. Support for py27 was dropped on 2019-10-14, do not raise bugs related to it.
Python JIRA Library is the easiest way to automate JIRA. Support for py27 was dropped on 2019-10-14, do not raise bugs related to it.

Jira Python Library This library eases the use of the Jira REST API from Python and it has been used in production for years. As this is an open-sourc

PyContribs 1.7k Jan 6, 2023
AHA is an incident management & communication framework to provide real-time alert customers when there are active AWS event(s). For customers with AWS Organizations, customers can get aggregated active account level events of all the accounts in the Organization. Customers not using AWS Organizations still benefit alerting at the account level.
AHA is an incident management & communication framework to provide real-time alert customers when there are active AWS event(s). For customers with AWS Organizations, customers can get aggregated active account level events of all the accounts in the Organization. Customers not using AWS Organizations still benefit alerting at the account level.

Table of Contents Introduction Architecture Configuring an Endpoint Creating a Amazon Chime Webhook URL Creating a Slack Webhook URL Creating a Micros

AWS Samples 215 Dec 23, 2022
Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.
Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.

PyPhisher [+] Created By KasRoudra [+] Description : Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, gi

KasRoudra 1.1k Jan 1, 2023
Comments
  • Error Msg SSLError

    Error Msg SSLError

    Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request six.raise_from(e, None) File "", line 3, in raise_from File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request httplib_response = conn.getresponse() File "/usr/lib/python3.9/http/client.py", line 1377, in getresponse response.begin() File "/usr/lib/python3.9/http/client.py", line 320, in begin version, status, reason = self._read_status() File "/usr/lib/python3.9/http/client.py", line 281, in _read_status line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1") File "/usr/lib/python3.9/socket.py", line 704, in readinto return self._sock.recv_into(b) File "/usr/lib/python3.9/ssl.py", line 1241, in recv_into return self.read(nbytes, buffer) File "/usr/lib/python3.9/ssl.py", line 1099, in read return self._sslobj.read(len, buffer) ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:2633)

    opened by qusaialhaddad 1
Releases(2.0)

  • 2.0(Jan 23, 2022)

  • 1.0(Jan 25, 2022)

    Features

    1. Search for /api/ endpoint
    2. Search for JSON endpoint
    3. Fetch possible Conf(configuration) endpoint
    4. All Possible Sensitive instances in URL from TheTimeMachine (Searches from Fuzz List) or can also Add your own Custom List
    5. Fetches subdomains from waybackurl
    6. Search Custom keyword of your choice Eg. backup, .log etc.
    7. Attack Mode ( Searched for vulnerable possible endpoints for SQLi, LFI, XSS, Open Redirect, JIRA Based Vulnerability.
    8. You can manually edit all the files that searched for XSS, LFI, Fuzz etc.
    Source code(tar.gz)
    Source code(zip)
Owner
Anmol K Sachan
La plus belle des ruses du diable est de vous persuader qu'il n'existe pas || Cyber Security Analyst
Anmol K Sachan
GitHub Repository
This is to notify you via Discord whenever there is a new beacon.

BeaconNotifier-Discord This is to notify you via Discord whenever there is a new beacon. Make sure you have python3 installed Steps: Create a Discord

26 Dec 28, 2022
A PowerFull Telegram Mirror Bot.......

- [ DEAD REPO AND NO MORE UPDATE ] Slam Mirror Bot Slam Mirror Bot is a multipurpose Telegram Bot written in Python for mirroring files on the Interne

αвιנтн 2 Nov 09, 2021
Asynchronous Python Wrapper for the GoFile API

Asynchronous Python Wrapper for the GoFile API

Gautam Kumar 22 Aug 04, 2022
A Discord token grabber written in Python3, with awesome obfuscation and anti-debug protection.

☣️ Plague ☣️ Plague is a Discord token grabber written in Python3, obfuscated with Kramer, protected from traffic analysers with Scarecrow and using t

Billy 125 Dec 20, 2022
AWS Lambda - Parsing Cloudwatch Data and sending the response via email.

AWS Lambda - Parsing Cloudwatch Data and sending the response via email. Author: Evan Erickson Language: Python Backend: AWS / Serverless / AWS Lambda

Evan Scott Erickson 1 Nov 14, 2021
A results generator and automatic token checker for Yandex Contest

Yandex contest Python checking tools A results generator and automatic token checker for Yandex Contest. Версия на русском языке Installation Clone th

Nikolay Chechulin 9 Dec 14, 2022
Manage Proxmox KVM Virtual Machines via Slack bot.

proxmox-slack-bot Create KVM Virtual Machines on Proxmox, the easy way. Not much works works here yet... Setup dev environment Setup fully editable st

Plenus Pyramis 3 Mar 20, 2022
Invites link generator for telegram(made for channel referral links)

InviteLinkGen Invites link generator for telegram(for channel referral links) made for @HelakuruEsana channel Spotify Giveaway

Jaindu Charindith 7 Feb 01, 2022
This python cheat utilizes PyMeow, PyMem, and others to enhance your CS:GO experience ;).

CSGO-Python-Cheat This python cheat utilizes PyMeow, PyMem, and others to enhance your CS:GO experience ;). Features Esp Tracers Chams (More to come)

Addi 1 Nov 30, 2021
Auto-Approved-Bot - Auto Approved Invaite Link Request Telegram Bot

🤖 𝗔𝘂𝘁𝗼-𝗔𝗽𝗽𝗿𝗼𝘃𝗲-𝗕𝗼𝘁 🤖 ℹ️ 𝗨𝘀𝗲𝗴𝗲 ℹ️ When a join request invita

Muhammed 32 Dec 18, 2022
a discord bot for searching your movies, and bot return movie url for you :)

IMDb Discord Bot how to run this bot. the first step you must create prefixes.json file the second step you must create a virtualenv if you use window

Mehdi Radfar 6 Dec 20, 2022
Discord bots that update their status to the price of any coin listed on x.vite.net

Discord bots that update their status to the price of any coin listed on x.vite.net

5am 3 Nov 27, 2022
Offline reverse geocoder in Python using sqlite3

rgeocode Offline reverse geocoder rgeocode accepts a geographic coordinate pair (latitude and longitude) and returns a list containing the name of: A

Venkat 7 Dec 01, 2021
Bot for automated buying boxes on Binance

V 1.0 Bot for automated buying boxes on Binance В settings.py выставляем свои COOKIE и свой CSRFTOKEN В settings.py для headers выставляем свои параме

Matvey 3 Jan 18, 2022
Info gathering | API hacketarget.com

InfoFetch Info gathering | API hackertarget.com set-up: apt-get install python3 pip3 install requests apt-get install git git clone https://github.com

Muhammed Rizad 4 Nov 22, 2021
Python JIRA Library is the easiest way to automate JIRA. Support for py27 was dropped on 2019-10-14, do not raise bugs related to it.

Jira Python Library This library eases the use of the Jira REST API from Python and it has been used in production for years. As this is an open-sourc

PyContribs 1.7k Jan 06, 2023
Telegram hack bot [ For Dev ]

Telegram hack bot [ For Dev ]

Alison Parker 1 Jul 04, 2022
TESSARECT A Powerful Bot you'll ever need for anything

Tessarect TESSARECT A Powerful Bot you'll ever need for anything TESSARECT It is my First bot but very advanced and designed for all your needs , from

Prakarsh Prp 4 Aug 27, 2022
Tiktok BOT 1 link Vidio otomatis : - Nambah view - Nambah love - Nambah share - Nambah love komen (semua komen ke love)

Install Bahannya pip install selenium pip install pyfiglet==0.7.5 Cara Install dan Menjalankannya Git-clone this repo! Install selenium and pyfiglet u

Ahmad Ghozali 1 Mar 01, 2022
Exporta archivos masivamente del TEC Digital.

TEC Digital Files Exporter Script que permite exportar los archivos de cursos del TEC Digital del Instituto Tecnológico de Costa Rica, debido al borra

Joseph Vargas 22 Apr 08, 2021