https://github.com/anmolksachan/TheTimeMachine

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not
https://github.com/anmolksachan/TheTimeMachine

automate bugbounty fuzzer fuzzing jira lfi openredirect osint parameter scanner xss

Last synced: 2 months ago
JSON representation

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

• Host: GitHub
• URL: https://github.com/anmolksachan/TheTimeMachine
• Owner: anmolksachan
• License: gpl-3.0
• Created: 2022-01-23T17:34:25.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2025-08-18T05:58:09.000Z (3 months ago)
• Last Synced: 2025-08-18T07:26:59.734Z (3 months ago)
• Topics: automate, bugbounty, fuzzer, fuzzing, jira, lfi, openredirect, osint, parameter, scanner, xss
• Language: Python
• Homepage: https://anmolksachan.medium.com/the-time-machine-weaponizing-waybackurls-for-recon-bugbounties-osint-sensitive-endpoints-and-40889a03feeb
• Size: 935 KB
• Stars: 436
• Watchers: 7
• Forks: 66
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - anmolksachan/TheTimeMachine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not (Python)
• osint_stuff_tool_collection - The Time Machine - fetches subdomains from waybackurl; - search for /api/JSON/Configuration endpoints and many more (view pic) | ([](#table-of-contents) Table of contents / [](#tools-for-working-with-web-archives)Tools for working with web archives)
• awesome - anmolksachan/TheTimeMachine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not (Python)

README

          
---

# 🚀 TheTimeMachine v3.0 - Weaponizing Wayback for Recon, BugBounties, OSINT & More!

![image](https://github.com/user-attachments/assets/e99eb95e-f46e-4b97-8d2a-83bac89d0447)

You’ve heard of time travel in movies and comics, right? Well, this isn’t fiction anymore 😎. *TheTimeMachine* lets you dig through the past of any web app by scraping archived URLs from the Wayback Machine — and helps you find sensitive, forgotten, or deprecated endpoints for further exploitation.

Whether you’re into bug bounty, red teaming, or just love good ol’ recon, this tool was built to make my recon workflow faster, cleaner, and more effective. No more juggling multiple scripts — TheTimeMachine does it all in one shot.

---

## 🧩 Featured At

| Conference        | Year | Track / Showcase         |    |

|-------------------|------|---------------------------|---|

| [Defcon33- Las Vegas, NV](https://defcon.org/html/defcon-33/dc-33-demolabs.html#content_60874) | 2025 | Demo Labs |  |

| [BSides Mumbai](https://www.linkedin.com/feed/update/urn:li:activity:7339908506176618497/) | 2025 | Tools Arsenal Showcase ||

| [OSINT Conference](https://osintconference.com/speakers) | 2025 | OSINT Conference |  |

| [Announcing Soon!](#) | 20XX | Announcing Soon! | |

---

## 💡 What It Does

This isn't just another Wayback scraper. Here's what TheTimeMachine brings to the table:

- 🔎 **Archived URL Fetching** – Pull historical URLs from Wayback Machine.

- 💾 **Backup File Detection** – Find `.zip`, `.bak`, `.sql`, `.tar.gz`, `.old`, and other juicy files.

- ⚙️ **Historical Backups** - Looks for historical backups for the identified backup files.

- ⚔️ **Attack Mode** – Scan for vulnerable endpoints using patterns/signatures:

  - XSS

  - SQLi

  - LFI

  - Open Redirects

  - WordPress Vulns

  - JIRA-based misconfig

- 🧠 **GET Parameter Mapping** – Map every GET parameter to where it appears. (Great for fuzzing automation.)

- 🧪 **JWT Detection** – Detect and decode JWTs embedded in archived URLs.

- 📁 **Directory Listing Detection** – Find open indexed directories.

- 🕵️ **Subdomain Enumeration** – Pull subdomains seen in archived data.

- 🔍 **Keyword Search** – Search custom keywords like `config`, `backup`, `.log`, etc.

- 🧩 **Custom Payload Lists** – Use your own fuzz list or signatures for custom scans.

---

## ⚙️ Installation

Tested on **Python 3** across Ubuntu/Kali/Windows.

```bash

git clone https://github.com/anmolksachan/TheTimeMachine

````

```bash

cd TheTimeMachine

````

```bash

pip3 install -r requirements.txt

````

---

## 🚀 Usage

```bash

python3 thetimemachine.py  [OPTIONS]

```

**Note:** Don't use `http://` or `https://` in the domain — just pass `domain.com` or `sub.domain.com`.

---

## 📋 Options

| Option            | Description                                                  |

| ----------------- | ------------------------------------------------------------ |

| `--fetch`         | Fetch archived URLs from Wayback                             |

| `--backups`       | Scan for exposed backup/config files                         |

| `--attack [type]` | Run attack mode (xss, sqli, lfi, redirect, jira, wp, custom) |

| `--jwt`           | Detect & decode JWT tokens                                   |

| `--subdomains`    | Extract subdomains from historical URLs                      |

| `--parameters`    | Extract GET parameters & map them to URLs                    |

| `--listings`      | Detect open directory listings                               |

---

## 🔁 Example Workflows

#### Fetch all Wayback URLs

```bash

python3 thetimemachine.py example.com --fetch

```

#### Look for exposed backup files

```bash

python3 thetimemachine.py example.com --backups

```

#### Look for directory listing

```bash

python3 thetimemachine.py example.com --listings

```

#### Scan for possible XSS points

```bash

python3 thetimemachine.py example.com --attack xss

```

#### Map parameters from archived data

```bash

python3 thetimemachine.py example.com --parameters

```

### Extract JWTs

```bash

python3 thetimemachine.py example.com --jwt

```

### And much more

```bash

usage: thetimemachine.py [-h] [--fetch] [--jwt] [--backups] [--subdomains] [--listings] [--attack {xss,sqli,lfi,redirect,jira,wp,fuzz}] [--menu]

                         [--parameters]

                         target

```

---

## 📁 Output Structure

All results are neatly saved under the `content/` directory:

```

content/

└── example.com/

    ├── example.com_URLs.txt

    ├── example.com_xss.txt

    ├── example.com_sqli.txt

    ├── example.com_parameters.txt

    ├── example.com_subdomain.txt

    └── ...

```

---

## ✍️ Add Your Own Payloads

You can fully customize the payloads for XSS, SQLi, fuzzing, etc. Just edit the respective `.txt` files inside the repo and fire away!

---

## 🧠 Why I Built This

I'm not a full-time bug bounty hunter, but I needed a tool that’d do fast recon, find juicy endpoints, and give me enough leads to manually dig deeper. Got my HOF on multiple VDPs and bugbounty, including **NOKIA**, **Mediatek**, and more. 

---

## 📸 Demo

https://github.com/user-attachments/assets/e07155ed-52b5-45e4-91aa-297a5caeac3a

#### Note: This is just a demo and doesn't cover full potential of the tool.

---

## 🙌 Shoutouts

* [@nihitjain11](https://github.com/nihitjain11)

* [@Shivam Saraswat](https://github.com/shivamsaraswat)

* [@thecyberneh](https://github.com/thecyberneh$0)

* [PushkraJ99](https://github.com/PushkraJ99$0)

---

## 📝 Blogs

1. [The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not v1.0](https://medium.com/@anmolksachan/the-time-machine-weaponizing-waybackurls-for-recon-bugbounties-osint-sensitive-endpoints-and-40889a03feeb)

2. [Time Traveling for Bugs: How The Time Machine v3.0 Uncovered an XSS on REDACTED.com](https://medium.com/@anmolksachan/time-traveling-for-bugs-how-the-time-machine-uncovered-an-xss-on-redacted-com-92e3662a50e4)

---

## 🌎 Community

1. [Simple Recon on Android using TheTimeMachine + Dirsearch (Medium)](https://alpinnnnnn13.medium.com/simple-recon-di-android-menggunakan-tools-thetimemachine-dan-dirsearch-3384aad17c15)

2. [Michel Kartner – YouTube](https://youtu.be/gh2DdRjK4BY?t=1888)

3. [@cyb\_detective’s Tweet](https://x.com/cyb_detective/status/1581324309108510721)

4. [@cyb\_detective’s Tweet v3.0](https://x.com/cyb_detective/status/1943789270726324606)

5. [The Ultimate Guide to the Time Machine Way Back URL Crawler for OSINT](https://www.youtube.com/watch?v=eguWHDfV-W0)

6. [OSINT resources](https://sizeof.cat/post/osint-resources/)

7. [Cyber Detective's OSINT tools collection](https://github.com/cipher387/osint_stuff_tool_collection)

8. [Unlock the Full Potential of the Wayback Machine for Bug Bounty](https://infosecwriteups.com/unlock-the-full-potential-of-the-wayback-machine-for-bug-bounty-8b6f57e2637d)

9. [TheTimeMachine for Bug Bounties & OSINT](https://medium.com/@XEyeSecurity/thetimemachine-for-bug-bounties-osint-39bded4bc78f)

---

## 📬 Contact

DMs are open – reach out to me on [@FR13ND0x7F](https://twitter.com/fr13nd0x7f)

---

## ⭐️ Support

If this tool helped you, drop a star on the repo or follow me on Twitter — that’s all I ask 😄

---

## 👨‍💻 Author

Author: **Anmol K. Sachan** | Twitter/ X: [@FR13ND0x7F](https://x.com/fr13nd0x7f)


Co-author: **Chaudhary\_S4h4b** | Twitter/ X: [@Chaudhary\_S4h4b](https://x.com/)

---

## ⚒️ Issues

Version 3.0 is under development. If you see any issues please open an issues and we are happy to take a look and fix that.

- `--menu` work is under progress you can directly use `--attack` instead.

- `listings` enhanced detection capability with aggresive mode.

---