Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mak-/parameth

This tool can be used to brute discover GET and POST parameters
https://github.com/mak-/parameth

Last synced: about 2 months ago
JSON representation

This tool can be used to brute discover GET and POST parameters

Host: GitHub
URL: https://github.com/mak-/parameth
Owner: maK-
Archived: true
Created: 2016-09-11T22:52:02.000Z (about 8 years ago)
Default Branch: master
Last Pushed: 2019-08-24T15:17:14.000Z (about 5 years ago)
Last Synced: 2024-09-26T04:04:26.442Z (about 2 months ago)
Language: Python
Homepage:
Size: 117 KB
Stars: 1,339
Watchers: 39
Forks: 191
Open Issues: 5
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # parameth

This tool can be used to brute discover GET and POST parameters

Often when you are busting a directory for common files, 

you can identify scripts (for example test.php) that look like they need

to be passed an unknown parameter. This hopefully can help find them.

![example scan](https://pbs.twimg.com/media/CsHJsjsXEAAOgxK.jpg)

The ***-off*** flag allows you to specify an offset (helps with dynamic pages)

so for example, if you were getting alternating response sizes of 4444 and

4448, set the offset to 5 and it will only show the stuff outside the norm

# Installation

```shell

virtualenv venv

. ./venv/bin/activate

pip install -u -r requirements.txt

```

# Usage

```

usage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT]

                   [-t THREADS] [-off VARIANCE] [-diff DIFFERENCE] [-o OUT]

                   [-P PROXY] [-x IGNORE] [-s SIZEIGNORE] [-d DATA]

                   [-i IGMETH] [-c COOKIE] [-T TIMEOUT]

optional arguments:

  -h, --help            show this help message and exit

  -v, --version         Version Information

  -u URL, --url URL     Target URL

  -p PARAMS, --params PARAMS

                        Provide a list of parameters to scan for

  -H HEADER, --header HEADER

                        Add headers in format a:b c:d

  -a AGENT, --agent AGENT

                        Specify a user agent

  -t THREADS, --threads THREADS

                        Specify the number of threads.

  -off VARIANCE, --variance VARIANCE

                        The offset in difference to ignore (if dynamic pages)

  -diff DIFFERENCE, --difference DIFFERENCE

                        Percentage difference in response (recommended 95)

  -o OUT, --out OUT     Specify output file

  -P PROXY, --proxy PROXY

                        Specify a proxy in the form http|s://[IP]:[PORT]

  -x IGNORE, --ignore IGNORE

                        Specify a status to ignore eg. 404,302...

  -s SIZEIGNORE, --sizeignore SIZEIGNORE

                        Ignore responses of specified size

  -d DATA, --data DATA  Provide default post data (also taken from provided

                        url after ?)

  -i IGMETH, --igmeth IGMETH

                        Ignore GET or POST method. Specify g or p

  -c COOKIE, --cookie COOKIE

                        Specify Cookies

  -T TIMEOUT, --timeout TIMEOUT

                        Specify a timeout in seconds to wait between each

                        request

```

# Adding new params from source:

The following regexes might be useful to parse `$_GET` or `$_POST` parameters from source:

> $> grep -rioP '\$_POST\[\s*["\']\s*\w+\s*["\']\s*\]' PHPSOURCE  | grep -oP '\$_POST\[\s*["\']\s*\w+\s*["\']\s*\]' | sed -e "s/\$_POST\[\s*[\"']//g"  -e "s/\s*['\"]\s*\]//g" | sort -u > /tmp/outfile.txt 

> $> grep -rioP '\$_GET\[\s*["\']\s*\w+\s*["\']\s*\]' PHPSOURCE  | grep -oP '\$_GET\[\s*["\']\s*\w+\s*["\']\s*\]' | sed -e "s/\$_GET\[\s*[\"']//g"  -e "s/\s*['\"]\s*\]//g" | sort -u > /tmp/outfile.txt