TheTimeMachine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Last update: Dec 29, 2022

Overview

The Time Machine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Detailed Description about this can be found here :

Read Blog here : Will write blog soon, if you wrote DM me with link :)

Introduction

I have created this tool for making my work easier when it comes to recon and fetching sensitive endpoints for sensitive data exposure and further exploitation using waybackurls and sorting for Sensitive endpoints, it has also option to look for sensitive endpoints for information disclosure, It has have more capabilities like looking for possible endpoints vulnerable to XSS, LFI, JIRA Based Vulnerability, Open Redirection.

I'm not too much into bug bounty but recently found P1 with The Time Machine : https://bugcrowd.com/H4CK3R/crowdstream

It worked on multiple bug bounty program, reports are still under review :P

How to install and use

Note : Tested with python3 on Ubuntu/Kali

$ git clone https://github.com/anmolksachan/TheTimeMachine
$ cd TheTimeMachine
$ pip3 install -m requirements.txt
$ python thetimemachine.py

Example Run :

Note : Entered URL must look like domain.com or subdomain.domain.com no http or https is required

$ python thetimemachine.py domain.com
$ python thetimemachine.py subdomain.domain.com
.. .. .. .. 
.. .. .. .. 
AND SO ON

Add your own list of payloads

you can edit multiple available payloads and Fuzz , 
Add your own in the interested text file !

Contact

Shoot my DM : @FR13ND0x7F

Special Thanks

@nihitjain11

Want to support my work?

Give me a Star in the repository, thats enough for me :P

This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

57 Dec 18, 2022

Script for polybar to display and control media(not only Spotify) using DBus.

polybar-now-playing Script for polybar to display and control media(not only Spotify) using DBus Python script to display and control current playing

48 Dec 31, 2022

CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targetAccountIds attribute of the EC2 Image Builder AMI distribution settings which is not currently supported (as of October 2021) in CloudFormation or CDK.

ec2-imagebuilder-ami-share CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targe

2 Oct 22, 2022

A wrapper for The Movie Database API v3 and v4 that only uses the read access token (not api key).

fulltmdb A wrapper for The Movie Database API v3 and v4 that only uses the read access token (not api key). Installation Use the package manager pip t

2 Sep 26, 2021

Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

Member-Booster Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

1 Dec 28, 2021

CLI tool that checks who does and who does not follow you back on Instagram

CLI tool that checks who does and who does not follow you back on Instagram. It also checks who you don't follow back on Instagram.

3 Dec 2, 2022

Python JIRA Library is the easiest way to automate JIRA. Support for py27 was dropped on 2019-10-14, do not raise bugs related to it.

Jira Python Library This library eases the use of the Jira REST API from Python and it has been used in production for years. As this is an open-sourc

1.7k Jan 6, 2023

AHA is an incident management & communication framework to provide real-time alert customers when there are active AWS event(s). For customers with AWS Organizations, customers can get aggregated active account level events of all the accounts in the Organization. Customers not using AWS Organizations still benefit alerting at the account level.

Table of Contents Introduction Architecture Configuring an Endpoint Creating a Amazon Chime Webhook URL Creating a Slack Webhook URL Creating a Micros

215 Dec 23, 2022

Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.

PyPhisher [+] Created By KasRoudra [+] Description : Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, gi

1.1k Jan 1, 2023

Comments

Error Msg SSLError

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request six.raise_from(e, None) File "", line 3, in raise_from File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request httplib_response = conn.getresponse() File "/usr/lib/python3.9/http/client.py", line 1377, in getresponse response.begin() File "/usr/lib/python3.9/http/client.py", line 320, in begin version, status, reason = self._read_status() File "/usr/lib/python3.9/http/client.py", line 281, in _read_status line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1") File "/usr/lib/python3.9/socket.py", line 704, in readinto return self._sock.recv_into(b) File "/usr/lib/python3.9/ssl.py", line 1241, in recv_into return self.read(nbytes, buffer) File "/usr/lib/python3.9/ssl.py", line 1099, in read return self._sslobj.read(len, buffer) ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:2633)

opened by qusaialhaddad 1

Releases(2.0)

2.0(Jan 23, 2022)
V2.0

Fixed Issue

SSL Check

WP Endpoint Search

Custom Search of endpoints

Fetch Parameters from a file

Updated folder structure

Learned a little bit exception handling while this process xD

Source code(tar.gz)
Source code(zip)
TheTimeMachine.v2.1.zip(909.97 KB)
1.0(Jan 25, 2022)
Features

Search for /api/ endpoint

Search for JSON endpoint

Fetch possible Conf(configuration) endpoint

All Possible Sensitive instances in URL from TheTimeMachine (Searches from Fuzz List) or can also Add your own Custom List

Fetches subdomains from waybackurl

Search Custom keyword of your choice Eg. backup, .log etc.

Attack Mode ( Searched for vulnerable possible endpoints for SQLi, LFI, XSS, Open Redirect, JIRA Based Vulnerability.

You can manually edit all the files that searched for XSS, LFI, Fuzz etc.

Source code(tar.gz)
Source code(zip)

Owner

Anmol K Sachan

La plus belle des ruses du diable est de vous persuader qu'il n'existe pas || Cyber Security Analyst

GitHub Repository

Black-hat with python

black-hat_python Advantages - More advance tool Easy to use allows updating tool update - run bash update.sh Here -: Command to install tool main- clo

2 Feb 10, 2022

Automatically deploy freqtrade to a remote Docker host and auto update strategies.

Freqtrade Automatically deploy freqtrade to a remote Docker host and auto update strategies. I've been using it to automatically deploy to vultr, but

109 Jan 07, 2023

Unfollows Users You're Following

Github-Unfollow-Bot Info It unfollows users you're following, it runs in the background so you can still do what you do without it bothering you. It's

4 Sep 03, 2022

An API wrapper for discord; maintained and improved from discord.py

Fusion.py Documentation What is Fusion.py you might ask; Fusion.py is a Discord.py fork that has most of the good features from most of the big Discor

5 Apr 19, 2022

Programa capaz de gerar QR Code a partir do link inserido.

QrCodePy Programa capaz de gerar QR Code, a partir do link inserido, em forma de imagem e salvar localmente. Exemplo de saída: Requisitos Pure Python

4 Sep 09, 2021

An async-ready Python wrapper around FerrisChat's API.

FerrisWheel An async-ready Python wrapper around FerrisChat's API. Installation Instructions Linux: $ python3.9 -m pip install -U ferriswheel Python 3

8 Feb 08, 2022

A python script to send sms anonymously with SMS Gateway API. Works on command line terminal.

incognito-sms-sender A python script to send sms anonymously with SMS Gateway API. Works on command line terminal. Download and run script Go to API S

1 Oct 25, 2021

My Advent of Code solutions. I also upload videos of my solves: https://www.youtube.com/channel/UCuWLIm0l4sDpEe28t41WITA

My solutions to adventofcode.com puzzles. I post videos of me solving the puzzles in real-time at https://www.youtube.com/channel/UCuWLIm0l4sDpEe28t41

195 Jan 04, 2023

A github actions + python code to extract URLs to code repositories to put into standard form, starting with github

A github actions + python code to extract URLs to code repositories to put into standard form, starting with github ---- NOTE: JUS

2 Nov 15, 2021

A simple terminal UI for viewing fund P/L analysis through TEFAS

Tefas UI A simple terminal UI for viewing fund P/L analysis through TEFAS. Features (that my own bank's UI lack): Daily and weekly P/L FX comparisons

4 Mar 14, 2022

Shuffle and add items from jellyfin to mpd (use in tandem with jellyfin-mopidy and mpd-mopidy). Similar to ncmpcpp's "Add random" feature..

jellyshuf Essentially implements ncmpcpp's add random feature (default hotkey: `) through a script which grabs info from jellyfin api itself. jellyfin

2 Dec 14, 2021

AnyAPI is a library that helps you to write any API wrapper with ease and in pythonic way.

AnyAPI AnyAPI is a library that helps you to write any API wrappers with ease and in pythonic way. Features Have better looking code using dynamic met

129 Sep 20, 2022

Minimal API for the COVID Booking System of the Offices at the UniPD Math Dep

Simple and easy to use python BOT for the COVID registration booking system of the math department @ unipd (torre archimede). This API creates an interface with the official website, with more useful

4 Dec 24, 2021

A anti-repostbot script for reddit, runs u/ThisIsARepostBotBot

ThisIsARepostBotBot So you found a repost bot, now what? This is a bot to reply to all posts of a repost bot with a message urging users to report and

3 May 23, 2022

Tracks twitter spaces and sends it to a discord webhook.

Tracks twitter spaces and sends it to a discord webhook. Uses the twitter api to find twitter spaces and then the m3u8 url for the space is found using selenium and will have it posted using a discor

20 Dec 17, 2022

A script to generate the m3u playlist containing direct streamable file (.mpd or MPEG-DASH or DASH) based on the channels that the user has subscribed on the Tata Sky portal. You just have to login using your password or otp that's it .

Tata Sky IPTV Script generator A script to generate the m3u playlist containing direct streamable file (.mpd or MPEG-DASH or DASH) based on the channe

19 Dec 03, 2021

The purpose of this bot is to take soundcloud track requests, that are posted in the stream-requests channel, and add them to a playlist, to make the process of scrolling through the requests easier for Root

Discord Song Collector Dont know if anyone is actually going to read this, but the purpose of this bot is to check every message in the stream-request

2 Mar 01, 2022

This repository provides a set functions to extract paragraphs from AWS Textract responses.

extract-paragraphs-with-aws-textract Since AWS Textract (the AWS OCR service) does not have a native function to extract paragraphs, this repository p

3 Jan 26, 2022

This project checks the weather in the next 12 hours and sends an SMS to your phone number if it's going to rain to remind you to take your umbrella.

RainAlert-Request-Twilio This project checks the weather in the next 12 hours and sends an SMS to your phone number if it's going to rain to remind yo

9 Apr 15, 2022

A Telegram Most Powerful Media Info Bot.

Media Info Bot Support 🚑 Demo For The Bot -Test Our Bot By Clicking The Button Below Deploy To Heroku 🗳 Press the Deploy Button to Get Your Own Bot.

5 May 16, 2022