The Time Machine – Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not


Detailed Description about this can be found here :

Read Blog here : Will write blog soon, if you wrote DM me with link ?


I have created this tool for making my work easier when it comes to recon and fetching sensitive endpoints for sensitive data exposure and further exploitation using waybackurls and sorting for Sensitive endpoints, it has also option to look for sensitive endpoints for information disclosure, It has have more capabilities like looking for possible endpoints vulnerable to XSS, LFI, JIRA Based Vulnerability, Open Redirection.

I’m not too much into bug bounty but recently found P1 with The Time Machine :

It worked on multiple bug bounty program, reports are still under review ?

How to install and use

Note : Tested with python3 on Ubuntu/Kali

$ git clone
$ cd TheTimeMachine
$ pip3 install -m requirements.txt
$ python

Example Run :

Note : Entered URL must look like or no http or https is required

$ python
$ python
.. .. .. .. 
.. .. .. .. 

enter image description here

Add your own list of payloads

you can edit multiple available payloads and Fuzz , 
Add your own in the interested text file !


Shoot my DM : @FR13ND0x7F

Special Thanks


Want to support my work?

Give me a Star in the repository, thats enough for me ?


View Github