Categories: Kali Linux

ParamSpider : Mining Parameters From Dark Corners Of Web Archives

ParamSpider is a mining parameters from dark corners of web archives.

Features

  • Finds parameters from web archives of the entered domain.
  • Finds parameters from subdomains as well.
  • Gives support to exclude urls with specific extensions.
  • Saves the output result in a nice and clean manner.
  • It mines the parameters from web archives (without interacting with the target host)

Usage

Note : Use python 3.7+

$ git clone https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py –domain hackerone.com

Usage Options

1 – For a simple scan [without the –exclude parameter]
$ python3 paramspider.py –domain hackerone.com
->Output ex : https://hackerone.com/test.php?q=FUZZ

2 – For excluding urls with specific extensions
$ python3 paramspider.py –domain hackerone.com –exclude php,jpg,svg

3 – For finding nested parameters
$ python3 paramspider.py –domain hackerone.com –level high
->Output ex : https://hackerone.com/test.php?p=test&q=FUZZ

4 – Saving the results
$ python3 paramspider.py –domain hackerone.com –exclude php,jpg –output hackerone.txt

5 – Using with a custom placeholder text (default is FUZZ), e.g. don’t add a placeholder
$ python3 paramspider.py –domain hackerone.com –placeholder FUZZ2

6 – Using the quiet mode (without printing the URLs on screen)
$ python3 paramspider.py –domain hackerone.com –quiet

7 – Exclude subdomains [for parameters from domain+subdomains, do not specify this argument]
$ python3 paramspider.py –domain hackerone.com –subs False

Also Read – InQL : A Burp Extension For GraphQL Security Testing

ParamSpider+GF (for massive pwnage)

Lets say you have already installed the tool and now you want to filter out the juicy parameters from plethora of parameters. No worries you can easily do it using GF(by tomnomnom) .

Note : Make sure you have go properly installed on your machine .

Follow along this :

$ go get -u github.com/tomnomnom/gf
$ cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf

Note : Replace ‘/User/levi/go/bin/gf’ with the path where gf binary is located in your system.

$ alias gf=’/User/levi/go/bin/gf’
$ cd ~/.gf/

Note : Paste JSON files(https://github.com/devanshbatham/ParamSpider/tree/master/gf_profiles) in ~/.gf/ folder

Now run ParamSpider and navigate to the output directory

$ gf redirect domain.txt //for potential open redirect/SSRF parameters
$ gf xss domain.txt //for potential xss vulnerable parameters
$ gf potential domain.txt //for xss + ssrf + open redirect parameters
$ gf wordpress domain.txt //for wordpress urls

[More GF profiles to be added in future]

Example

$ python3 paramspider.py –domain bugcrowd.com –exclude woff,css,js,png,svg,php,jpg –output bugcrowd.txt

Note : As it fetches the parameters from web archive data ,so chances of false positives are high.

Twitter : 0xAsm0d3us

R K

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

2 days ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

2 days ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

2 days ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

2 days ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

2 days ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

3 days ago