Parth : Heuristic Vulnerable Parameter Scanner

Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs or it’s own disocovered URLs to find such parameter names and the risks commonly associated with them. Parth is designed to aid web security testing by helping in prioritization of components for testing.

Usage

  • Import targets from a file

This option works for all 3 supported import types: Burp Suite history, newline delimited text file or a HTTP request text file.

python3 parth.py -i example.history

  • Find URLs for a domain

This option will make use of CommonCrawl, Open Threat Exchange and Waybackmachine to find URLs of the target domain.

python3 parth.py -t example.com

  • Ignore duplicate parameter names

Same parameter names across all URLs are ignored.

python3 parth.py -ut example.com

Save Parameter Names

This option will write all the parameter names found in a file with name params-{target}.txt for later use.

python3 parth.py -pt example.com

  • JSON Output

The following command will save the result as a JSON object in the specified file.

python3 parth.py -t example.com -o example.json

Credits

The database of parameter names and the risks associated with them is mainly created from the public work of various people of the community.

R K

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

7 hours ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

7 hours ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

9 hours ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

12 hours ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

12 hours ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

1 day ago