{"id":15687604,"url":"https://github.com/9oelm/atm","last_synced_at":"2025-05-07T20:05:50.859Z","repository":{"id":83601705,"uuid":"444866290","full_name":"9oelM/atm","owner":"9oelM","description":"A set of AuToMation scripts for hacking.","archived":false,"fork":false,"pushed_at":"2022-01-05T16:12:22.000Z","size":181,"stargazers_count":11,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-07T20:04:51.608Z","etag":null,"topics":["automation","bugbounty","hacking","infosec","script","web-hacking"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/9oelM.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-05T16:06:14.000Z","updated_at":"2025-03-01T09:57:22.000Z","dependencies_parsed_at":"2023-07-07T22:30:28.272Z","dependency_job_id":null,"html_url":"https://github.com/9oelM/atm","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9oelM%2Fatm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9oelM%2Fatm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9oelM%2Fatm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9oelM%2Fatm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/9oelM","download_url":"https://codeload.github.com/9oelM/atm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252949272,"owners_count":21830151,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","bugbounty","hacking","infosec","script","web-hacking"],"created_at":"2024-10-03T17:50:22.248Z","updated_at":"2025-05-07T20:05:50.839Z","avatar_url":"https://github.com/9oelM.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# atm\n\n```\n      ___           ___           ___     \n     /\\  \\         /\\  \\         /\\__\\    \n    /::\\  \\        \\:\\  \\       /::|  |   \n   /:/\\:\\  \\        \\:\\  \\     /:|:|  |   \n  /::\\~\\:\\  \\       /::\\  \\   /:/|:|__|__ \n /:/\\:\\ \\:\\__\\     /:/\\:\\__\\ /:/ |::::\\__\\\\\n \\/__\\:\\/:/  /    /:/  \\/__/ \\/__/~~/:/  /\n      \\::/  /    /:/  /            /:/  / \n      /:/  /     \\/__/            /:/  /  \n     /:/  /                      /:/  /   \n     \\/__/                       \\/__/    \n\nscripts by @9oelm https://github.com/9oelM\n```\n\nA set of AuToMation scripts for hacking.\n\nThe biggest difference of this repo, from other mainstreams, is that it has each functionality in separate shell script, usable for different purposes.\nThe scripts don't have to run altogether, which would make the whole thing inflexible. Maybe you need to fuzz a single special target that you are concentrating on. Maybe there was something weird that you want to review again. Then you go into individual shell scripts.\n\n# Prerequisites\n## Install all tools used in the scripts\n\nIf you don't want to install them all in your local machine, you could run a docker container by building the image from the dockerfile provided in this repo. Otherwise, please reference the installation steps in Dockerfile if you are willing to directly install them in your local machine. \n\n# Installation\n\n```bash\ngit clone https://github.com/9oelm/atm.git\n\ncd scripts\n\nchmod u+x install.sh\n\nsudo ./install.sh \n```\n\n# Scripts\nSee under `/scripts` directory.\n\n```\natm-beautify-js.sh\natm-clean-words.sh\natm-decode-base64.sh\natm-download-files-from-urls.sh\natm-filter-csv-by-status-code.sh\natm-find-crlf-injections.sh\natm-find-ext-urls.sh\natm-find-location-reflected-urls.sh\natm-find-non-binary-files.sh\natm-find-quick-subdomains.sh\natm-find-target-subdomains.sh\natm-find-urls.sh\natm-find-valid-urls.sh\natm-find-words-from-files.sh\natm-find-working-urls.sh\natm-generate-crlf-injection-payloads.sh\natm-ignore-long-lines.sh\natm-monkeypatch-ffuf-csv-output.sh\natm-parse-target-yml.sh\natm-process-ffuf-csv-output.sh\natm-run-preliminary-ffuf.sh\natm-sanitize-wordlist.sh\natm-search-binaryedge.sh\natm-send-many-mails.py\natm-send-simple-mail.py\natm-subtract-files.sh\natm-unique-and-randomize-api-wordlist.sh\n```\n\n# Usage\nEach shell script has its own -h (help) flag. Please look at `/scripts` directory.\n\n# Expectations\n- [x] Notify progress if `TELEGRAM_CHAT` and `TELEGRAM_TOKEN` are defined as environment variables (only in docker)\n- [x] Automate creating payloads for and testing CRLF injection.\n- [x] Automate javascript files scanning and sensitive information disclosure\n- [x] Automate content discovery\n- [ ] Automate finding reflected XSS \n- [ ] Automate finding prototype pollution\n- [ ] Automate finding SQL injection\n- [ ] Automate finding open redirect\n- [ ] Automate finding http parameters using tools like https://github.com/s0md3v/Arjun\n\n## Todo\n- [ ] Integrate gospider into atm-find-urls.sh\n- [ ] Docker build cache in Github actions\n\n## Ref\n\n### Wordlists\n- https://github.com/cujanovic/Open-Redirect-Payloads/blob/master/Open-Redirect-payloads.txt\n- https://github.com/omurugur/Open_Redirect_Payload_List/blob/master/Open-Redirect-Payload\n- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Variables/secret-keywords.txt\n- https://github.com/m4ll0k/BBTz/blob/master/jsalert.py\n- https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning\n    use below code to get all slugs\n    ```js\n    const table = document.querySelector(`#article-contents \u003e div \u003e table:nth-child(21) \u003e tbody`)\n    [...table.children].map((tr) =\u003e [...tr.children][2].textContent).join('\\n')\n    ```\n- https://gist.github.com/jhaddix/f64c97d0863a78454e44c2f7119c2a6a\n- https://gist.github.com/jhaddix/b80ea67d85c13206125806f0828f4d10\n- https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt\n- https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/extensions.txt\n- https://gist.github.com/nullenc0de/96fb9e934fc16415fbda2f83f08b28e7#file-content_discovery_nullenc0de-txt\n- https://gist.github.com/nullenc0de/9cb36260207924f8e1787279a05eb773\n- https://wordlists.assetnote.io/\n\n### Recon\n- https://github.com/nahamsec/lazyrecon\n- https://github.com/robotshell/magicRecon\n- https://github.com/projectdiscovery/nuclei\n- https://github.com/codingo/Reconnoitre\n- https://github.com/six2dez/reconftw\n- https://github.com/Tib3rius/AutoRecon\n- https://github.com/003random/003Recon\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F9oelm%2Fatm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F9oelm%2Fatm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F9oelm%2Fatm/lists"}