NicPWNs/TheTimeMachine
Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not
TheTimeMachine v3.0 - Weaponizing Wayback for Recon, BugBounties, OSINT & More!
You've heard of time travel in movies and comics, right? Well, this isn't fiction anymore. TheTimeMachine lets you dig through the past of any web app by scraping archived URLs from the Wayback Machine, and helps you find sensitive, forgotten, or deprecated endpoints for further exploitation.
Whether you're into bug bounty, red teaming, or just love good ol' recon, this tool was built to make my recon workflow faster, cleaner, and more effective. No more juggling multiple scripts - TheTimeMachine does it all in one shot.
Featured At
| Conference | Year | Track / Showcase |
|---|---|---|
| Defcon33 - Las Vegas, NV | 2025 | Demo Labs |
| BSides Mumbai | 2025 | Tools Arsenal Showcase |
| OSINT Conference | 2025 | OSINT Conference |
| Null Bangalore × OWASP Bangalore | 2025 | Monthly Meetup |
| Null Bangalore × OWASP Bangalore | 2025 | Conference |
| Announcing Soon! | 20XX | Announcing Soon! |
What It Does
This isn't just another Wayback scraper. Here's what TheTimeMachine brings to the table:
- Archived URL Fetching - Pull historical URLs from Wayback Machine.
- Backup File Detection - Find .zip, .bak, .sql, .tar.gz, .old, and other juicy files.
- Historical Backups - Looks for historical backups for the identified backup files.
- Attack Mode - Scan for vulnerable endpoints using patterns/signatures:
  - XSS
  - SQLi
  - LFI
  - Open Redirects
  - WordPress Vulns
  - JIRA-based misconfig
- GET Parameter Mapping - Map every GET parameter to where it appears. (Great for fuzzing automation.)
- JWT Detection - Detect and decode JWTs embedded in archived URLs.
- Directory Listing Detection - Find open indexed directories.
- Subdomain Enumeration - Pull subdomains seen in archived data.
- Keyword Search - Search custom keywords like config, backup, .log, etc.
- Custom Payload Lists - Use your own fuzz list or signatures for custom scans.
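To show what the JWT Detection and GET Parameter Mapping features amount to when you audit your own domain's archived URLs for leaked tokens, here is an added example; it is not TheTimeMachine's code. The sample token, the URLs and all function names are constructed for illustration.

```python
import base64, json, re, time
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# A JSON header/payload base64url-encodes to a segment starting "eyJ" ('{"').
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _seg(obj):  # helper used only to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not real archive output, signature is a dummy value).
SAMPLE_TOKEN = ".".join([_seg({"alg": "HS256", "typ": "JWT"}),
                         _seg({"sub": "demo-user", "exp": 1700000000}),
                         "c2lnbmF0dXJl"])
SAMPLE_URLS = [
    "https://app.example.com/callback?token=" + SAMPLE_TOKEN + "&next=/home",
    "https://app.example.com/search?q=test&page=2",
    "https://app.example.com/item?id=7&page=1",
]

def b64url_json(segment):
    """Decode one base64url JWT segment to JSON, restoring stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def find_jwts(urls, now=None):
    """Return decoded (unverified) header/payload for each JWT found in urls."""
    now = time.time() if now is None else now
    findings = []
    for url in urls:
        for token in JWT_RE.findall(url):
            try:
                header, payload = (b64url_json(p) for p in token.split(".")[:2])
            except ValueError:  # JWT-shaped, but not valid base64url JSON
                continue
            exp = payload.get("exp")
            # Unexpired tokens are the ones that need revoking first.
            expired = isinstance(exp, (int, float)) and exp < now
            findings.append({"url": url, "header": header,
                             "payload": payload, "expired": expired})
    return findings

def map_parameters(urls):
    """Map each GET parameter name to the sorted host/path pairs it appears on."""
    mapping = defaultdict(set)
    for url in urls:
        parts = urlsplit(url)
        for name, _ in parse_qsl(parts.query, keep_blank_values=True):
            mapping[name].add(parts.netloc + parts.path)
    return {name: sorted(paths) for name, paths in mapping.items()}
```

Any token found this way has been publicly readable in the archive, so treat its signing key and session as exposed regardless of the `expired` flag.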
Installation
Tested on Python 3 across Ubuntu/Kali/Windows.
git clone https://github.com/anmolksachan/TheTimeMachine
cd TheTimeMachine
pip3 install -r requirements.txt
Usage
python3 thetimemachine.py <target.com> [OPTIONS]
Note: Don't use http:// or https:// in the domain - just pass domain.com or sub.domain.com.
Options
| Option | Description |
|---|---|
| --fetch | Fetch archived URLs from Wayback |
| --backups | Scan for exposed backup/config files |
| --attack [type] | Run attack mode (xss, sqli, lfi, redirect, jira, wp, custom) |
| --jwt | Detect & decode JWT tokens |
| --subdomains | Extract subdomains from historical URLs |
| --parameters | Extract GET parameters & map them to URLs |
| --listings | Detect open directory listings |
Example Workflows
Fetch all Wayback URLs
python3 thetimemachine.py example.com --fetch
Look for exposed backup files
python3 thetimemachine.py example.com --backups
Look for directory listing
python3 thetimemachine.py example.com --listings
Scan for possible XSS points
python3 thetimemachine.py example.com --attack xss
Map parameters from archived data
python3 thetimemachine.py example.com --parameters
Extract JWTs
python3 thetimemachine.py example.com --jwt
And much more
usage: thetimemachine.py [-h] [--fetch] [--jwt] [--backups] [--subdomains] [--listings] [--attack {xss,sqli,lfi,redirect,jira,wp,fuzz}] [--menu]
                         [--parameters]
                         target
Output Structure
All results are neatly saved under the content/ directory:
content/
└── example.com/
    ├── example.com_URLs.txt
    ├── example.com_xss.txt
    ├── example.com_sqli.txt
    ├── example.com_parameters.txt
    ├── example.com_subdomain.txt
    └── ...
Add Your Own Payloads
You can fully customize the payloads for XSS, SQLi, fuzzing, etc. Just edit the respective .txt files inside the repo and fire away!
Why I Built This
I'm not a full-time bug bounty hunter, but I needed a tool that'd do fast recon, find juicy endpoints, and give me enough leads to manually dig deeper. Got my HOF on multiple VDPs and bugbounty, including NOKIA, Mediatek, and more.
Demo
TheTimeMachine.v3.0.Demo_compressed.mp4
Note: This is just a demo and doesn't cover full potential of the tool.
Shoutouts
Blogs
- The Time Machine - Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not v1.0
- Time Traveling for Bugs: How The Time Machine v3.0 Uncovered an XSS on REDACTED.com
- How "The Time Machine v3.0" Landed Me in the CERT-In Hall of Fame
Community
- Simple Recon on Android using TheTimeMachine + Dirsearch (Medium)
- Michel Kartner - YouTube
- @cyb_detective's Tweet
- @cyb_detective's Tweet v3.0
- The Ultimate Guide to the Time Machine Way Back URL Crawler for OSINT
- OSINT resources
- Cyber Detective's OSINT tools collection
- Unlock the Full Potential of the Wayback Machine for Bug Bounty
- TheTimeMachine for Bug Bounties & OSINT
Contact
DMs are open - reach out to me on @FR13ND0x7F
Support
If this tool helped you, drop a star on the repo or follow me on Twitter - that's all I ask
Author
Author: Anmol K. Sachan | Twitter/ X: @FR13ND0x7F
Co-author: Chaudhary_S4h4b | Twitter/ X: @Chaudhary_S4h4b
Issues
Version 3.0 is under development. If you see any issues, please open an issue and we are happy to take a look and fix it.
- --menu work is in progress; you can directly use --attack instead.
- listings: enhanced detection capability with aggressive mode.






