{"id":13541968,"url":"https://github.com/maK-/parameth","last_synced_at":"2025-04-02T09:33:05.634Z","repository":{"id":44246904,"uuid":"67958581","full_name":"maK-/parameth","owner":"maK-","description":"This tool can be used to brute discover GET and POST parameters","archived":true,"fork":false,"pushed_at":"2019-08-24T15:17:14.000Z","size":120,"stargazers_count":1357,"open_issues_count":5,"forks_count":192,"subscribers_count":38,"default_branch":"master","last_synced_at":"2025-01-18T22:37:16.831Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maK-.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-09-11T22:52:02.000Z","updated_at":"2025-01-17T17:04:02.000Z","dependencies_parsed_at":"2022-09-12T02:42:04.822Z","dependency_job_id":null,"html_url":"https://github.com/maK-/parameth","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maK-%2Fparameth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maK-%2Fparameth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maK-%2Fparameth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maK-%2Fparameth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maK-","download_url":"https://codeload.github.com/maK-/parameth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246788944,"owners_count":20834200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T10:00:59.503Z","updated_at":"2025-04-02T09:33:04.981Z","avatar_url":"https://github.com/maK-.png","language":"Python","readme":"# parameth\nThis tool can be used to brute discover GET and POST parameters\n\nOften when you are busting a directory for common files, \nyou can identify scripts (for example test.php) that look like they need\nto be passed an unknown parameter. This hopefully can help find them.\n\n![example scan](https://pbs.twimg.com/media/CsHJsjsXEAAOgxK.jpg)\n\nThe ***-off*** flag allows you to specify an offset (helps with dynamic pages)\nso for example, if you were getting alternating response sizes of 4444 and\n4448, set the offset to 5 and it will only show the stuff outside the norm\n\n# Installation\n\n```shell\nvirtualenv venv\n. ./venv/bin/activate\npip install -u -r requirements.txt\n```\n\n\n# Usage\n\n```\nusage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT]\n [-t THREADS] [-off VARIANCE] [-diff DIFFERENCE] [-o OUT]\n [-P PROXY] [-x IGNORE] [-s SIZEIGNORE] [-d DATA]\n [-i IGMETH] [-c COOKIE] [-T TIMEOUT]\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --version Version Information\n -u URL, --url URL Target URL\n -p PARAMS, --params PARAMS\n Provide a list of parameters to scan for\n -H HEADER, --header HEADER\n Add headers in format a:b c:d\n -a AGENT, --agent AGENT\n Specify a user agent\n -t THREADS, --threads THREADS\n Specify the number of threads.\n -off VARIANCE, --variance VARIANCE\n The offset in difference to ignore (if dynamic pages)\n -diff DIFFERENCE, --difference DIFFERENCE\n Percentage difference in response (recommended 95)\n -o OUT, --out OUT Specify output file\n -P PROXY, --proxy PROXY\n Specify a proxy in the form http|s://[IP]:[PORT]\n -x IGNORE, --ignore IGNORE\n Specify a status to ignore eg. 404,302...\n -s SIZEIGNORE, --sizeignore SIZEIGNORE\n Ignore responses of specified size\n -d DATA, --data DATA Provide default post data (also taken from provided\n url after ?)\n -i IGMETH, --igmeth IGMETH\n Ignore GET or POST method. Specify g or p\n -c COOKIE, --cookie COOKIE\n Specify Cookies\n -T TIMEOUT, --timeout TIMEOUT\n Specify a timeout in seconds to wait between each\n request\n```\n\n# Adding new params from source:\n\nThe following regexes might be useful to parse `$_GET` or `$_POST` parameters from source:\n\n\u003e $\u003e grep -rioP '\\$_POST\\[\\s*[\"\\']\\s*\\w+\\s*[\"\\']\\s*\\]' PHPSOURCE | grep -oP '\\$_POST\\[\\s*[\"\\']\\s*\\w+\\s*[\"\\']\\s*\\]' | sed -e \"s/\\$_POST\\[\\s*[\\\"']//g\" -e \"s/\\s*['\\\"]\\s*\\]//g\" | sort -u \u003e /tmp/outfile.txt \n\n\u003e $\u003e grep -rioP '\\$_GET\\[\\s*[\"\\']\\s*\\w+\\s*[\"\\']\\s*\\]' PHPSOURCE | grep -oP '\\$_GET\\[\\s*[\"\\']\\s*\\w+\\s*[\"\\']\\s*\\]' | sed -e \"s/\\$_GET\\[\\s*[\\\"']//g\" -e \"s/\\s*['\\\"]\\s*\\]//g\" | sort -u \u003e /tmp/outfile.txt\n","funding_links":[],"categories":["Python","Recon","Weapons","Python (1887)","其他_安全与渗透"],"sub_categories":["Parameters","Tools","网络服务_其他"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FmaK-%2Fparameth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FmaK-%2Fparameth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FmaK-%2Fparameth/lists"}