GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → R0X4R → bhedak

R0X4R / bhedak

Licence: MIT license
A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

regexbugbountybash-scriptpython-regex

Projects that are alternatives of or similar to bhedak

Quickxss
Automating XSS using Bash
Stars: ✭ 113 (+46.75%)
Mutual labels:  bugbounty, bash-script
Pinaak
A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (-10.39%)
Mutual labels:  bugbounty, bash-script
Zile
Extract API keys from file or url using by magic of python and regex.
Stars: ✭ 61 (-20.78%)
Mutual labels:  regex, bugbounty
Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (+116.88%)
Mutual labels:  bugbounty, bash-script
Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (+137.66%)
Mutual labels:  bugbounty, bash-script
dora
Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (+197.4%)
Mutual labels:  regex, bugbounty
magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+520.78%)
Mutual labels:  bugbounty, bash-script
AutomateWithPython
If you've ever spent hours renaming files or updating hundreds of spreadsheet cells, you know how tedious tasks like these can be. But what if you could have your computer do them for you? In Automate the Boring Stuff with Python, you'll learn how to use Python to write programs that do in minutes what would take you hours to do by hand-no prior…
Stars: ✭ 22 (-71.43%)
Mutual labels:  regex
regexp-expand
Show the ELisp regular expression at point in rx form.
Stars: ✭ 18 (-76.62%)
Mutual labels:  regex
parse-author
Parse a person, author, contributor or maintainer string into an object with name, email and url properties following NPM conventions. Useful for the `authors` property in package.json or for parsing an AUTHORS file into an array of person objects.
Stars: ✭ 23 (-70.13%)
Mutual labels:  regex
BlueRDPSploit
Auto IP range scanner & exploit tool for BlueKeep metasploit module
Stars: ✭ 21 (-72.73%)
Mutual labels:  bash-script
github-endpoints
Find endpoints on GitHub.
Stars: ✭ 118 (+53.25%)
Mutual labels:  bugbounty
SuperLibrary
Information Security Library
Stars: ✭ 60 (-22.08%)
Mutual labels:  bugbounty
Regex
🔤 Swifty regular expressions
Stars: ✭ 311 (+303.9%)
Mutual labels:  regex
IronRure
.NET Bindings to the Rust Regex Crate
Stars: ✭ 16 (-79.22%)
Mutual labels:  regex
tree-sitter-regex
Tree-sitter parser for regular expressions
Stars: ✭ 42 (-45.45%)
Mutual labels:  regex
termco
Regular Expression Counts of Terms and Substrings
Stars: ✭ 24 (-68.83%)
Mutual labels:  regex
iOS-AirPrint-for-Mac
enable iOS Airprint Sharing on Mac OS
Stars: ✭ 24 (-68.83%)
Mutual labels:  bash-script
shell-loader
A Webpack loader that runs an arbitrary script on matching files
Stars: ✭ 18 (-76.62%)
Mutual labels:  bash-script
simplematch
Minimal, super readable string pattern matching for python.
Stars: ✭ 147 (+90.91%)
Mutual labels:  regex
View All Similar Projects ➔

Bhedak

A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every OS. Made with python

Installation


$ pip3 install bhedak
$ wget -O bhedak https://raw.githubusercontent.com/R0X4R/bhedak/main/bhedak.py -q && chmod +x bhedak && mv bhedak /usr/bin/

Usage


  • For linux, unix and debian based systems

    linux

    $ waybackurls target.tld | bhedak "payload"

  • For windows based systems

    windows

    cmd> type urls.txt | python bhedak.py "payload"

  • If no payload passed

    $ waybackurls subdomain.target.tld | bhedak

http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ

  • Example input file

    $ waybackurls subdomain.target.tld | tee -a urls

http://subdomain.target.tld/comment.php?pid=username&user=1
http://subdomain.target.tld/disclaimer.php=1
http://subdomain.target.tld/hpp/index.php?pp=12
http://subdomain.target.tld/hpp/?pp=12&user=5

  • Replace query string values

    $ cat urls | bhedak "FUZZ"

http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ

  • Replace query string with custom payloads

    $ cat urls | bhedak "\"><svg/onload=alert(1)>*'/---+{{7*7}}"

http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D

  • Remove duplicate urls

    $ cat urls | bhedak "FUZZ" | sort -u

http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ

  • Comparsion



    $ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ"
http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ

$ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | bhedak "FUZZ"
http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ?hardwareid=FUZZ&tarifid=FUZZ

Donate

If this tool helped you or you like my work




Thanks to @tomnomnom for making an amazing tool called qsreplace, from using qsreplace I got idea to make bhedak

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].