Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/r0x4r/bhedak
A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
https://github.com/r0x4r/bhedak
bash-script bugbounty python-regex python3 regex sed
Last synced: 14 days ago
JSON representation
A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
- Host: GitHub
- URL: https://github.com/r0x4r/bhedak
- Owner: R0X4R
- License: mit
- Created: 2021-11-23T10:58:29.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-03-01T15:45:06.000Z (over 2 years ago)
- Last Synced: 2024-10-31T23:03:04.620Z (14 days ago)
- Topics: bash-script, bugbounty, python-regex, python3, regex, sed
- Language: Python
- Homepage: https://pypi.org/project/bhedak/
- Size: 374 KB
- Stars: 102
- Watchers: 3
- Forks: 17
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
Bhedak
A replacement of [`qsreplace`](https://github.com/tomnomnom/qsreplace), accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every `OS`. Made with `python`
Installation
```sh
$ pip3 install bhedak
```
```sh
$ wget -O bhedak https://raw.githubusercontent.com/R0X4R/bhedak/main/bhedak.py -q && chmod +x bhedak && mv bhedak /usr/bin/
```
Usage
- **For `linux`, `unix` and `debian` based systems**
```sh
$ waybackurls target.tld | bhedak "payload"
```
- **For `windows` based systems**
```sh
cmd> type urls.txt | python bhedak.py "payload"
```
- **If no `payload` passed**
```console
$ waybackurls subdomain.target.tld | bhedak
http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
```
- **Example input file**
```console
$ waybackurls subdomain.target.tld | tee -a urls
http://subdomain.target.tld/comment.php?pid=username&user=1
http://subdomain.target.tld/disclaimer.php=1
http://subdomain.target.tld/hpp/index.php?pp=12
http://subdomain.target.tld/hpp/?pp=12&user=5
```
- **Replace query string values**
```console
$ cat urls | bhedak "FUZZ"
http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
```
- **Replace query string with custom payloads**
```console
$ cat urls | bhedak "\">*'/---+{{7*7}}"
http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
```
- **Remove duplicate urls**
```console
$ cat urls | bhedak "FUZZ" | sort -u
http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
```
- **Comparsion**
```console
$ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ"
http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ
$ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | bhedak "FUZZ"
http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ?hardwareid=FUZZ&tarifid=FUZZ
```
Donate
If this tool helped you or you like my work
---
Thanks to [`@tomnomnom`](https://github.com/tomnomnom) for making an amazing tool called [`qsreplace`](https://github.com/tomnomnom/qsreplace), from using [`qsreplace`](https://github.com/tomnomnom/qsreplace) I got idea to make [`bhedak`](https://github.com/R0X4R/bhedak)