{"id":25074784,"url":"https://github.com/rix4uni/paramfinder","last_synced_at":"2026-01-20T06:11:44.684Z","repository":{"id":65001089,"uuid":"580397053","full_name":"rix4uni/paramfinder","owner":"rix4uni","description":"Find input and textarea hidden parameters in html.","archived":false,"fork":false,"pushed_at":"2024-10-08T05:40:31.000Z","size":27,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-07T00:18:38.639Z","etag":null,"topics":["bug-bounty","bugbounty","bugbountytips","hacking","hidden-parameters","infosec","osint","osint-resources","osint-tool","parameters","penetration-testing","pentest-tool","pentesting","recon","reconnaissance","security","security-tools","threat-intelligence"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rix4uni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-20T13:11:34.000Z","updated_at":"2025-01-20T13:53:17.000Z","dependencies_parsed_at":"2024-05-22T05:39:39.088Z","dependency_job_id":"a5eec18a-35f0-4510-b961-e878ab09f737","html_url":"https://github.com/rix4uni/paramfinder","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2Fparamfinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2Fparamfinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2Fparamfinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2Fparamfinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rix4uni","download_url":"https://codeload.github.com/rix4uni/paramfinder/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246531983,"owners_count":20792735,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bugbounty","bugbountytips","hacking","hidden-parameters","infosec","osint","osint-resources","osint-tool","parameters","penetration-testing","pentest-tool","pentesting","recon","reconnaissance","security","security-tools","threat-intelligence"],"created_at":"2025-02-07T00:18:36.664Z","updated_at":"2026-01-20T06:11:44.676Z","avatar_url":"https://github.com/rix4uni.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"## ParamFinder\n\nParamFinder crawls all input and textarea tags\n\n## Installation\n```\ngo install github.com/rix4uni/paramfinder@latest\n```\n\n## Download prebuilt binaries\n```\nwget https://github.com/rix4uni/paramfinder/releases/download/v0.0.3/paramfinder-linux-amd64-0.0.3.tgz\ntar -xvzf paramfinder-linux-amd64-0.0.3.tgz\nrm -rf paramfinder-linux-amd64-0.0.3.tgz\nmv paramfinder ~/go/bin/paramfinder\n```\nOr download [binary release](https://github.com/rix4uni/paramfinder/releases) for your platform.\n\n## Compile from source\n```\ngit clone --depth 1 https://github.com/rix4uni/paramfinder.git\ncd paramfinder; go install\n```\n\n## Usage\n```yaml\nUsage of paramfinder:\n      --concurrency int   number of concurrent goroutines (default 50)\n      --output string     output file path\n      --silent            silent mode.\n      --timeout int       HTTP request timeout duration (in seconds) (default 30)\n      --verbose           enable verbose mode\n      --version           Print the version of the tool and exit.\n```\n\n**Note:** Insecure SSL connections are automatically enabled. The tool outputs only the transformed URL with all parameters set to `rix4uni`.\n\n## Example usages\n\nSingle URL:\n```yaml\necho \"http://testphp.vulnweb.com/login.php\" | paramfinder\n```\n\nMultiple URLs:\n```yaml\ncat urls.txt | paramfinder\n```\n\nurls.txt contains:\n```yaml\nhttp://testphp.vulnweb.com/login.php\nhttp://testphp.vulnweb.com/guestbook.php\nhttp://testphp.vulnweb.com/AJAX/index.php\n```\n\nOutput:\n```yaml\n▶ cat urls.txt | paramfinder --silent\nhttp://testphp.vulnweb.com/login.php?uname=rix4uni\u0026pass=rix4uni\u0026searchFor=rix4uni\u0026goButton=rix4uni\nhttp://testphp.vulnweb.com/guestbook.php?name=rix4uni\u0026text=rix4uni\u0026submit=rix4uni\u0026searchFor=rix4uni\u0026goButton=rix4uni\n```\n\n## Real world Example why this tool is usefull\n```yaml\necho \"https://domain.com/xyz/index.php\" | paramfinder --silent\nhttps://domain.com/xyz/index.php?view=rix4uni\n```\n## Found xss in `view` parameter\n- https://domain.com/xyz/index.php?view=1'-confirm`K`-'=1\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frix4uni%2Fparamfinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frix4uni%2Fparamfinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frix4uni%2Fparamfinder/lists"}