Code Monkey home page Code Monkey logo

parameth's Introduction

parameth

This tool can be used to brute discover GET and POST parameters

Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them.

The -off flag allows you to specify an offset (helps with dynamic pages) so for example, if you were getting alternating response sizes of 4444 and 4448, set the offset to 5 and it will only show the stuff outside the norm

Installation

virtualenv venv
. ./venv/bin/activate
pip install -u -r requirements.txt

Usage

usage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT]
                   [-t THREADS] [-off VARIANCE] [-diff DIFFERENCE] [-o OUT]
                   [-P PROXY] [-x IGNORE] [-s SIZEIGNORE] [-d DATA]
                   [-i IGMETH] [-c COOKIE] [-T TIMEOUT]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         Version Information
  -u URL, --url URL     Target URL
  -p PARAMS, --params PARAMS
                        Provide a list of parameters to scan for
  -H HEADER, --header HEADER
                        Add headers in format a:b c:d
  -a AGENT, --agent AGENT
                        Specify a user agent
  -t THREADS, --threads THREADS
                        Specify the number of threads.
  -off VARIANCE, --variance VARIANCE
                        The offset in difference to ignore (if dynamic pages)
  -diff DIFFERENCE, --difference DIFFERENCE
                        Percentage difference in response (recommended 95)
  -o OUT, --out OUT     Specify output file
  -P PROXY, --proxy PROXY
                        Specify a proxy in the form http|s://[IP]:[PORT]
  -x IGNORE, --ignore IGNORE
                        Specify a status to ignore eg. 404,302...
  -s SIZEIGNORE, --sizeignore SIZEIGNORE
                        Ignore responses of specified size
  -d DATA, --data DATA  Provide default post data (also taken from provided
                        url after ?)
  -i IGMETH, --igmeth IGMETH
                        Ignore GET or POST method. Specify g or p
  -c COOKIE, --cookie COOKIE
                        Specify Cookies
  -T TIMEOUT, --timeout TIMEOUT
                        Specify a timeout in seconds to wait between each
                        request

Adding new params from source:

The following regexes might be useful to parse $_GET or $_POST parameters from source:

$> grep -rioP '$_POST[\s*["']\s*\w+\s*["']\s*]' PHPSOURCE | grep -oP '$_POST[\s*["']\s*\w+\s*["']\s*]' | sed -e "s/$_POST[\s*["']//g" -e "s/\s*['"]\s*]//g" | sort -u > /tmp/outfile.txt

$> grep -rioP '$_GET[\s*["']\s*\w+\s*["']\s*]' PHPSOURCE | grep -oP '$_GET[\s*["']\s*\w+\s*["']\s*]' | sed -e "s/$_GET[\s*["']//g" -e "s/\s*['"]\s*]//g" | sort -u > /tmp/outfile.txt

parameth's People

Contributors

mr0wido avatar gehaxelt avatar d-fens avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.