ATSCAN – Advance Web Application Scanner in Kali Linux

ATSCAN stands for Advance Web Application Scanner. ATSCAN is a free and open-source tool available on GitHub. ATSCAN is a vulnerability scanner tool. This tool is used for vulnerability scanning of websites and webapps. This tool also works as web exploitation tool. ATSCAN is written in Perl language. You must have packages of Perl language in your Kali Linux system to run this tool. ATSCAN is used to scan websites for information gathering and finding vulnerabilities in websites and webapps. ATSCAN is one of the easiest and useful tools for performing reconnaissance on websites and web apps. The ATSCAN tool is also available for Linux.

 This tool can be used to get information about our target(domain). We can target any domain using ATSCAN. The interactive console provides a number of helpful features, such as command completion and contextual help. This tool is written in Perl language. You must have Perl language installed in your Kali Linux to use this tool. ATSCAN can detect content management systems such as WordPress, Drupal, Joomla, and Magento CMS, WordPress sensitive files, and WordPress version-related vulnerabilities. ATSCAN uses different modules for doing all the scannings. 

Features of ATSCAN:

• ATSCAN is a free and open-source tool this means you can download and use it free of cost.
• ATSCAN is a complete package of information gathering modules. These modules help for reconnaissance.
• ATSCAN works and acts as a web application/website scanner.
• ATSCAN is written in Perl language.
• ATSCAN can target a single domain and can found all the subdomains of that domain which makes work easy for pentesters/security researchers.
• ATSCAN can easily find loopholes in the code of web applications and websites that can be exploited by hackers.
• ATSCAN is used for information gathering and vulnerability assessment of web applications.
• ATSCAN’s interactive console provides a number of helpful features.
• ATSCAN’S interface is very similar to metasploitable 1 and metasploitable 2 that makes it easy to use.
• ATSCAN is one of the complete package of Information gathering tools.

Uses of ATSCAN:

• Information gathering of websites/webapps.
• For vulnerability assessments of websites/webapps.
• To perform reconnaissance on websites/webapps using different modules.
• Multiple instant scans on websites and web applications.
• Mass Exploitation on websites/webapps.
• For Ports scanings it can detect ports whether they are open or close.
• Collect IPs of target domains.
• To perform crawling on websites/webapps.
• To Collect Emails associated with the domain.
• To scan for XSS cross site scripting on websites/webapps.
• To check for SQLI sql injection vulnerability of websites/webapps.
• For LFI scanning on websites/webapps.
• To get server details of the target.
• Perform full reconnaissance.

Installation and step-by-step tutorial of ATSCAN tool:

Step 1: Open your kali Linux operating system. Move to desktop. Here you have to create a directory called ATSCAN. In this directory, you have to install the tool.

To move to desktop use the following command.

cd Desktop

Step 2: Now you are on the desktop. Here you have to create a directory called ATSCAN. To create ATSCAN directory use the following command.

mkdir ATSCAN

Step 3: You have created a directory. Now use the following command to move into that directory.

cd ATSCAN

Step 4: Now you are in ATSCAN directory. In this directory you have to download the tool means you have to clone the tool from GitHub. Use the following command to clone the tool from GitHub.

git clone https://github.com/AlisamTechnology/ATSCAN.git

Step 5. The tool has been downloaded in the directory ATSCAN. Now to list out the contents of the tool that has been downloaded using the following command.

ls

Step 6: When you listed out the contents of the tool you can see that a new directory has been generated by the tool that is ATSCAN. You have to move to this directory to view the contents of the tool. To move in this directory using the following command.

cd ATSCAN

Step 7. To list out the contents of this directory use following command.

ls

Step 8: You can see that so many files are there in this directory. These files are the files of the tool. Now you have to give permission to the tool for execution.

chmod +x install.sh
chmod +x atscan.pl

Step 9: All the process of downloading and installation is completed. Now you have to install the tool to use ATSCAN. To install the tool use the following command.

./install.sh

Step 10: The tool has been installed now to run the tool use the following command.

atscan

Step 11: You can see the tool is running now. Use the following command to get help from the tool.

atscan -h

Usages:

Use ATSCAN tool to gather information about ip address, agent, server details of the target.

atscan -t scanme.org

We have scanned the website called scanme.org, and we got these details.

Use ATSCAN tool to find emails associated with the target website.

atscan -t http://testphp.vulnweb.com --email

Conclusion: This is how we got emails associated with the website. These were the example to use atscan tool. This tool is used for vulnerability scanning of websites and webapps. This tool also works as a web exploitation tool. ATSCAN is written in Perl language. You must have packages of Perl language in your Kali Linux system to run this tool. ATSCAN is used to scan websites for information gathering and finding vulnerabilities in websites and webapps. ATSCAN is one of the easiest and useful tools for performing reconnaissance on websites and web apps. The ATSCAN tool is also available for Linux.