devanshbatham / Paramspider
Licence: gpl-3.0
Mining parameters from dark corners of Web Archives
Stars: ✭ 781
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Paramspider
SourceWolf
Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
Stars: ✭ 132 (-83.1%)
Mutual labels: osint, fuzzing, bugbounty
Dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Stars: ✭ 3,124 (+300%)
Mutual labels: osint, fuzzing
Sonarsearch
A MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (-61.97%)
Mutual labels: osint, bugbounty
Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-78.62%)
Mutual labels: osint, bugbounty
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (-45.71%)
Mutual labels: osint, bugbounty
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-45.33%)
Mutual labels: osint, bugbounty
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (-35.08%)
Mutual labels: fuzzing, bugbounty
quick-recon.py
Do some quick reconnaissance on a domain-based web-application
Stars: ✭ 13 (-98.34%)
Mutual labels: osint, bugbounty
nuubi
Nuubi Tools (Information-ghatering|Scanner|Recon.)
Stars: ✭ 76 (-90.27%)
Mutual labels: osint, bugbounty
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+334.19%)
Mutual labels: osint, bugbounty
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-30.73%)
Mutual labels: osint, bugbounty
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-94.24%)
Mutual labels: osint, bugbounty
ParamSpider : Parameter miner for humans
Key Features :
-
Finds parameters from web archives of the entered domain.
-
Finds parameters from subdomains as well.
-
Gives support to exclude urls with specific extensions.
-
Saves the output result in a nice and clean manner.
-
It mines the parameters from web archives (without interacting with the target host)
Usage instructions :
Note : Use python 3.7+
$ git clone https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py --domain hackerone.com
Usage options :
1 - For a simple scan [without the --exclude parameter]
$ python3 paramspider.py --domain hackerone.com
-> Output ex : https://hackerone.com/test.php?q=FUZZ
2 - For excluding urls with specific extensions
$ python3 paramspider.py --domain hackerone.com --exclude php,jpg,svg
3 - For finding nested parameters
$ python3 paramspider.py --domain hackerone.com --level high
-> Output ex : https://hackerone.com/test.php?p=test&q=FUZZ
4 - Saving the results
$ python3 paramspider.py --domain hackerone.com --exclude php,jpg --output hackerone.txt
5 - Using with a custom placeholder text (default is FUZZ), e.g. don't add a placeholder
$ python3 paramspider.py --domain hackerone.com --placeholder FUZZ2
6 - Using the quiet mode (without printing the URLs on screen)
$ python3 paramspider.py --domain hackerone.com --quiet
7 - Exclude subdomains [for parameters from domain+subdomains, do not specify this argument]
$ python3 paramspider.py --domain hackerone.com --subs False
ParamSpider + GF (for massive pwnage)
Lets say you have already installed ParamSpider and now you want to filter out the juicy parameters from plethora of parameters. No worries you can easily do it using GF(by tomnomnom) .
Note : Make sure you have go properly installed on your machine .
Follow along this :
$ go get -u github.com/tomnomnom/gf
$ cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf
Note : Replace '/User/levi/go/bin/gf' with the path where gf binary is located in your system.
$ alias gf='/User/levi/go/bin/gf'
$ cd ~/.gf/
Note : Paste JSON files(https://github.com/devanshbatham/ParamSpider/tree/master/gf_profiles) in ~/.gf/ folder
Now run ParamSpider and navigate to the output directory
$ gf redirect domain.txt //for potential open redirect/SSRF parameters
$ gf xss domain.txt //for potential xss vulnerable parameters
$ gf potential domain.txt //for xss + ssrf + open redirect parameters
$ gf wordpress domain.txt //for wordpress urls
[More GF profiles to be added in future]
Example :
$ python3 paramspider.py --domain bugcrowd.com --exclude woff,css,js,png,svg,php,jpg --output bugcrowd.txt
Note :
As it fetches the parameters from web archive data ,
so chances of false positives are high.
Contributing to ParamSpider :
- Report bugs , missing best practices
- Shoot my DM with new ideas
- Make more GF profiles (.json files)
- Help in Fixing bugs
- Submit Pull requests
My Twitter :
Say hello : 0xAsm0d3us
Wanna show support for the tool ?
I will be more than happy if you will show some love for Animals by donating to Animal Aid Unlimited ,Animal Aid Unlimited saves animals through street animal rescue, spay/neuter and education. Their mission is dedicated to the day when all living beings are treated with compassion and love. ✨
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].