{"id":13762709,"url":"https://github.com/s0md3v/Parth","last_synced_at":"2025-05-10T15:31:47.628Z","repository":{"id":40517565,"uuid":"288785290","full_name":"s0md3v/Parth","owner":"s0md3v","description":"Heuristic Vulnerable Parameter Scanner","archived":false,"fork":false,"pushed_at":"2024-01-08T06:26:26.000Z","size":59,"stargazers_count":570,"open_issues_count":0,"forks_count":95,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-11-11T06:38:26.484Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/s0md3v.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-19T16:41:52.000Z","updated_at":"2024-11-05T18:14:22.000Z","dependencies_parsed_at":"2024-08-03T14:16:06.236Z","dependency_job_id":null,"html_url":"https://github.com/s0md3v/Parth","commit_stats":{"total_commits":30,"total_committers":3,"mean_commits":10.0,"dds":0.06666666666666665,"last_synced_commit":"d4f423ef9397ccc5d1a9e2388ba8dc408abc4c38"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0md3v%2FParth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0md3v%2FParth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0md3v%2FParth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0md3v%2FParth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/s0
md3v","download_url":"https://codeload.github.com/s0md3v/Parth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224974208,"owners_count":17401100,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T14:00:54.626Z","updated_at":"2024-11-16T21:30:40.902Z","avatar_url":"https://github.com/s0md3v.png","language":"Python","funding_links":[],"categories":["Weapons","Python","Python (1887)","Web"],"sub_categories":["Tools","Web Exploitation"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/s0md3v/Parth\"\u003e\u003cimg src=\"https://i.ibb.co/n1m7fR2/parth.png\" alt=\"Parth\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  Parth\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eHeuristic Vulnerable Parameter Scanner\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/s0md3v/Parth/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/release/s0md3v/Parth.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/s0md3v/Parth/issues?q=is%3Aissue+is%3Aclosed\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/issues-closed-raw/s0md3v/Parth.svg\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n![demo](https://i.ibb.co/6wbY7fT/Screenshot-2020-08-19-22-17-19.png)\n\n## Introduction\nSome HTTP parameter names are more commonly associated with one functionality than the others. 
For example, the parameter `?url=` usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your Burp history, a list of URLs or its own discovered URLs to find such parameter names and the risks commonly associated with them. Parth is designed to aid web security testing by helping in prioritization of components for testing.\n\n## Usage\n**Installation:** `pip3 install parth`\n\n### Import targets from a file\nThis option works for all 3 supported import types: Burp Suite history, newline delimited text file or an HTTP request text file.\n```\nparth -i example.history\n```\n\n### Import targets from stdin\n```\ncat urls | parth\n```\nAn exclusive option `--pipe` is available when importing targets from stdin. It can be used to output URLs vulnerable to a specific vulnerability.\n```\ncat urls | parth --pipe xss\n```\n\n**Supported Issues:** `lfi, ssrf, sqli, xss, open_redirect, rce`\n\n\n### Find URLs for a domain\nThis option will make use of CommonCrawl, Open Threat Exchange and Wayback Machine to find URLs of the target domain.\n```\nparth -t example.com\n```\n### Ignore duplicate parameter names\nSame parameter names across all URLs are ignored.\n```\nparth -ut example.com\n```\n### Save parameter names\nThis option will write all the parameter names found in a file with name `params-{target}.txt` for later use.\n```\nparth -pt example.com\n```\n### JSON Output\nThe following command will save the result as a JSON object in the specified file.\n```\nparth -t example.com -o example.json\n```\n\n## Credits\nThe database of parameter names and the risks associated with them is mainly created from the public work of various people of the community such as 
[@Jhaddix](https://twitter.com/Jhaddix).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs0md3v%2FParth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fs0md3v%2FParth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs0md3v%2FParth/lists"}