TheTimeMachine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Last update: Dec 29, 2022

Overview

The Time Machine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Detailed Description about this can be found here :

Read Blog here : Will write blog soon, if you wrote DM me with link :)

Introduction

I have created this tool for making my work easier when it comes to recon and fetching sensitive endpoints for sensitive data exposure and further exploitation using waybackurls and sorting for Sensitive endpoints, it has also option to look for sensitive endpoints for information disclosure, It has have more capabilities like looking for possible endpoints vulnerable to XSS, LFI, JIRA Based Vulnerability, Open Redirection.

I'm not too much into bug bounty but recently found P1 with The Time Machine : https://bugcrowd.com/H4CK3R/crowdstream

It worked on multiple bug bounty program, reports are still under review :P

How to install and use

Note : Tested with python3 on Ubuntu/Kali

$ git clone https://github.com/anmolksachan/TheTimeMachine
$ cd TheTimeMachine
$ pip3 install -m requirements.txt
$ python thetimemachine.py

Example Run :

Note : Entered URL must look like domain.com or subdomain.domain.com no http or https is required

$ python thetimemachine.py domain.com
$ python thetimemachine.py subdomain.domain.com
.. .. .. .. 
.. .. .. .. 
AND SO ON

Add your own list of payloads

you can edit multiple available payloads and Fuzz , 
Add your own in the interested text file !

Contact

Shoot my DM : @FR13ND0x7F

Special Thanks

@nihitjain11

Want to support my work?

Give me a Star in the repository, thats enough for me :P

This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

57 Dec 18, 2022

Script for polybar to display and control media(not only Spotify) using DBus.

polybar-now-playing Script for polybar to display and control media(not only Spotify) using DBus Python script to display and control current playing

48 Dec 31, 2022

CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targetAccountIds attribute of the EC2 Image Builder AMI distribution settings which is not currently supported (as of October 2021) in CloudFormation or CDK.

ec2-imagebuilder-ami-share CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targe

2 Oct 22, 2022

A wrapper for The Movie Database API v3 and v4 that only uses the read access token (not api key).

fulltmdb A wrapper for The Movie Database API v3 and v4 that only uses the read access token (not api key). Installation Use the package manager pip t

2 Sep 26, 2021

Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

Member-Booster Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

1 Dec 28, 2021

CLI tool that checks who does and who does not follow you back on Instagram

CLI tool that checks who does and who does not follow you back on Instagram. It also checks who you don't follow back on Instagram.

3 Dec 2, 2022

Python JIRA Library is the easiest way to automate JIRA. Support for py27 was dropped on 2019-10-14, do not raise bugs related to it.

Jira Python Library This library eases the use of the Jira REST API from Python and it has been used in production for years. As this is an open-sourc

1.7k Jan 6, 2023

AHA is an incident management & communication framework to provide real-time alert customers when there are active AWS event(s). For customers with AWS Organizations, customers can get aggregated active account level events of all the accounts in the Organization. Customers not using AWS Organizations still benefit alerting at the account level.

Table of Contents Introduction Architecture Configuring an Endpoint Creating a Amazon Chime Webhook URL Creating a Slack Webhook URL Creating a Micros

215 Dec 23, 2022

Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.

PyPhisher [+] Created By KasRoudra [+] Description : Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, gi

1.1k Jan 1, 2023

Comments

Error Msg SSLError

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request six.raise_from(e, None) File "", line 3, in raise_from File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request httplib_response = conn.getresponse() File "/usr/lib/python3.9/http/client.py", line 1377, in getresponse response.begin() File "/usr/lib/python3.9/http/client.py", line 320, in begin version, status, reason = self._read_status() File "/usr/lib/python3.9/http/client.py", line 281, in _read_status line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1") File "/usr/lib/python3.9/socket.py", line 704, in readinto return self._sock.recv_into(b) File "/usr/lib/python3.9/ssl.py", line 1241, in recv_into return self.read(nbytes, buffer) File "/usr/lib/python3.9/ssl.py", line 1099, in read return self._sslobj.read(len, buffer) ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:2633)

opened by qusaialhaddad 1

Releases(2.0)

2.0(Jan 23, 2022)
V2.0

Fixed Issue

SSL Check

WP Endpoint Search

Custom Search of endpoints

Fetch Parameters from a file

Updated folder structure

Learned a little bit exception handling while this process xD

Source code(tar.gz)
Source code(zip)
TheTimeMachine.v2.1.zip(909.97 KB)
1.0(Jan 25, 2022)
Features

Search for /api/ endpoint

Search for JSON endpoint

Fetch possible Conf(configuration) endpoint

All Possible Sensitive instances in URL from TheTimeMachine (Searches from Fuzz List) or can also Add your own Custom List

Fetches subdomains from waybackurl

Search Custom keyword of your choice Eg. backup, .log etc.

Attack Mode ( Searched for vulnerable possible endpoints for SQLi, LFI, XSS, Open Redirect, JIRA Based Vulnerability.

You can manually edit all the files that searched for XSS, LFI, Fuzz etc.

Source code(tar.gz)
Source code(zip)

Owner

Anmol K Sachan

La plus belle des ruses du diable est de vous persuader qu'il n'existe pas || Cyber Security Analyst

GitHub Repository

A python crypto trading bot on Binance using RSI in 25 Lines 🚀

RSI Crypto Trading Bot - Binance A Crypto Trading Bot on Binance trading BTCUSDT and ETHUSDT using RSI in 25 Lines of Code Getting Started Note Python

10 Dec 26, 2022

Bot made by BLACKSTORM[BM] Contact Us - t.me/BLACKSTORM18

ᴡʜᴀᴛ ɪs ᴊᴀʀᴠɪs sᴇᴄᴜʀɪᴛʏ ʙᴏᴛ ᴊᴀʀᴠɪs ʙᴏᴛ ɪs ᴛᴇʟᴇɢʀᴀᴍ ɢʀᴏᴜᴘ ᴍᴀɴᴀɢᴇʀ ʙᴏᴛ ᴡɪᴛʜ ᴍᴀɴʏ ғᴇᴀᴛᴜʀᴇs. ᴛʜɪs ʙᴏᴛ ʜᴇʟᴘs ʏᴏᴜ ᴛᴏ ᴍᴀɴᴀɢᴇ ʏᴏᴜʀ ɢʀᴏᴜᴘs ᴇᴀsɪʟʏ. ᴏʀɪɢɪɴᴀʟʟʏ ᴀ

1 Dec 11, 2021

1.本项目采用Python Flask框架开发提供(应用管理,实例管理,Ansible管理,LDAP管理等相关功能)

op-devops-api 1.本项目采用Python Flask框架开发提供(应用管理,实例管理,Ansible管理,LDAP管理等相关功能) 后端项目配套前端项目为:op-devops-ui jenkinsManager 一.插件python-jenkins bug修复 (1).插件版本 pyt

3 Nov 12, 2021

API RestFull web de pontos turisticos de certa região

##RESTful Web API para exposição de pontos turísticos de uma região## Propor um novo ponto turístico Moderação dos pontos turísticos cadastrados Lista

2 Jan 28, 2022

Python client and module for BGP Ranking

Python client and module for BGP Ranking THis project will make querying BGP Ranking easier. Installation pip install pybgpranking Usage Command line

3 Dec 16, 2021

Automatically Forward files from groups to channel & FSub

Backup & ForceSub Automatically Forward files from groups to channel & Do force sub on members Variables API_ID : Get from my.telegram.org API_HASH :

7 Nov 06, 2022

Network simulation tools

Overview I'm building my network simulation environments with Vagrant using libvirt plugin on a Ubuntu 20.04 system... and I always hated how boring i

219 Jan 07, 2023

NFT Generator: A modular NFT generator application

NFT Generator A simple passion project done with the role to learn a bit about h

2 Aug 30, 2022

Userbot Telegram dengan Telethon

FLICKS - UBOT Repo FLICKS UBOT Repo Yang Dibuat Oleh Rizzz Dari beberapa Repo Yang Ada Di Github. Generate String Using Replit ⤵️ DEPLOY TO HEROKU Sup

14 May 16, 2022

Make your Pass (sanitaire) Fun Again

Make Your Pass (Sanitaire) Fun Again Customize your Pass Sanitaire (French name for EU digital Covide19 Certificate) with colors and images, thus make

101 Dec 01, 2022

Another Autoscaler is a Kubernetes controller that automatically starts, stops, or restarts pods from a deployment at a specified time using a cron annotation.

Another Autoscaler Another Autoscaler is a Kubernetes controller that automatically starts, stops, or restarts pods from a deployment at a specified t

66 Nov 19, 2022

TheTimeMachine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Related tags

Overview

The Time Machine - Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Detailed Description about this can be found here :

Introduction

How to install and use

Add your own list of payloads

Contact

Special Thanks

Want to support my work?

You might also like...

This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

Script for polybar to display and control media(not only Spotify) using DBus.

CloudFormation template and CDK stack that contains a CustomResource with Lambda function to allow the setting of the targetAccountIds attribute of the EC2 Image Builder AMI distribution settings which is not currently supported (as of October 2021) in CloudFormation or CDK.

A wrapper for The Movie Database API v3 and v4 that only uses the read access token (not api key).

Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

CLI tool that checks who does and who does not follow you back on Instagram

Python JIRA Library is the easiest way to automate JIRA. Support for py27 was dropped on 2019-10-14, do not raise bugs related to it.

Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.

Comments

Error Msg SSLError

Releases(2.0)

2.0(Jan 23, 2022)

V2.0

1.0(Jan 25, 2022)

Features

Owner

Anmol K Sachan

A python crypto trading bot on Binance using RSI in 25 Lines 🚀

Bot made by BLACKSTORM[BM] Contact Us - t.me/BLACKSTORM18

1.本项目采用Python Flask框架开发提供(应用管理,实例管理,Ansible管理,LDAP管理等相关功能)

API RestFull web de pontos turisticos de certa região

Python client and module for BGP Ranking

Automatically Forward files from groups to channel & FSub

Network simulation tools

NFT Generator: A modular NFT generator application

Userbot Telegram dengan Telethon

Make your Pass (sanitaire) Fun Again

Another Autoscaler is a Kubernetes controller that automatically starts, stops, or restarts pods from a deployment at a specified time using a cron annotation.

𝐀 𝐦𝐨𝐝𝐮𝐥𝐚𝐫 𝐓𝐞𝐥𝐞𝐠𝐫𝐚𝐦 𝐆𝐫𝐨𝐮𝐩 𝐦𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 𝐛𝐨𝐭 𝐰𝐢𝐭𝐡 𝐮𝐥𝐭𝐢𝐦𝐚𝐭𝐞 𝐟𝐞𝐚𝐭𝐮𝐫𝐞𝐬 !!

⚡ Yuriko Robot ⚡ - A Powerful, Smart And Simple Group Manager Written with AioGram , Pyrogram and Telethon

Telegram vc userbot

Ini Hanya Shortcut Untuk Menambahkan Kunci Tambahan Pada Termux & Membantu Para Nub Yang Decode Script Orang:v

Create a Neo4J graph of users and roles trust policies within an AWS Organization.

A pdisk uploader bot written in Python

The Fasted Proxyless Multi-Threaded Discord Call Crasher

Python client for the LightOn Muse API

A WhatsApp Crashing Tool for Termux