ParamSpider is a mining parameters from dark corners of web archives.
Features
Usage
Note : Use python 3.7+
$ git clone https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py –domain hackerone.com
Usage Options
1 – For a simple scan [without the –exclude parameter]
$ python3 paramspider.py –domain hackerone.com
->Output ex : https://hackerone.com/test.php?q=FUZZ
2 – For excluding urls with specific extensions
$ python3 paramspider.py –domain hackerone.com –exclude php,jpg,svg
3 – For finding nested parameters
$ python3 paramspider.py –domain hackerone.com –level high
->Output ex : https://hackerone.com/test.php?p=test&q=FUZZ
4 – Saving the results
$ python3 paramspider.py –domain hackerone.com –exclude php,jpg –output hackerone.txt
5 – Using with a custom placeholder text (default is FUZZ), e.g. don’t add a placeholder
$ python3 paramspider.py –domain hackerone.com –placeholder FUZZ2
6 – Using the quiet mode (without printing the URLs on screen)
$ python3 paramspider.py –domain hackerone.com –quiet
7 – Exclude subdomains [for parameters from domain+subdomains, do not specify this argument]
$ python3 paramspider.py –domain hackerone.com –subs False
Also Read – InQL : A Burp Extension For GraphQL Security Testing
ParamSpider+GF (for massive pwnage)
Lets say you have already installed the tool and now you want to filter out the juicy parameters from plethora of parameters. No worries you can easily do it using GF(by tomnomnom) .
Note : Make sure you have go properly installed on your machine .
Follow along this :
$ go get -u github.com/tomnomnom/gf
$ cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf
Note : Replace ‘/User/levi/go/bin/gf’ with the path where gf binary is located in your system.
$ alias gf=’/User/levi/go/bin/gf’
$ cd ~/.gf/
Note : Paste JSON files(https://github.com/devanshbatham/ParamSpider/tree/master/gf_profiles) in ~/.gf/ folder
Now run ParamSpider and navigate to the output directory
$ gf redirect domain.txt //for potential open redirect/SSRF parameters
$ gf xss domain.txt //for potential xss vulnerable parameters
$ gf potential domain.txt //for xss + ssrf + open redirect parameters
$ gf wordpress domain.txt //for wordpress urls
[More GF profiles to be added in future]
Example
$ python3 paramspider.py –domain bugcrowd.com –exclude woff,css,js,png,svg,php,jpg –output bugcrowd.txt
Note : As it fetches the parameters from web archive data ,so chances of false positives are high.
Twitter : 0xAsm0d3us
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…