Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs or it’s own disocovered URLs to find such parameter names and the risks commonly associated with them. Parth is designed to aid web security testing by helping in prioritization of components for testing.
Usage
This option works for all 3 supported import types: Burp Suite history, newline delimited text file or a HTTP request text file.
python3 parth.py -i example.history
This option will make use of CommonCrawl, Open Threat Exchange and Waybackmachine to find URLs of the target domain.
python3 parth.py -t example.com
Same parameter names across all URLs are ignored.
python3 parth.py -ut example.com
Save Parameter Names
This option will write all the parameter names found in a file with name params-{target}.txt for later use.
python3 parth.py -pt example.com
The following command will save the result as a JSON object in the specified file.
python3 parth.py -t example.com -o example.json
Credits
The database of parameter names and the risks associated with them is mainly created from the public work of various people of the community.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…