Home Unlabelled Parameth - This Tool Tin Flame Endure Used To Creature Detect Cash Inwards One's Chips Too Post Service Parameters

Parameth - This Tool Tin Flame Endure Used To Creature Detect Cash Inwards One's Chips Too Post Service Parameters

By
Wednesday, September 11, 2019
Read
Add Comment

This tool tin give the sack move used to brute discover GET together with POST parameters
Often when y'all are busting a directory for mutual files, y'all tin give the sack position scripts (for instance test.php) that await similar they ask to move passed an unknown parameter. This hopefully tin give the sack assistance notice them.

The -off flag allows y'all to specify an foremost (helps amongst dynamic pages) together with thus for example, if y'all were getting alternating reply sizes of 4444 together with 4448, gear upward the foremost to v together with it volition alone exhibit the materials exterior the norm.

Installation
virtualenv venv . ./venv/bin/activate pip install -u -r requirements.txt

Usage
usage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT]                    [-t THREADS] [-off VARIANCE] [-diff DIFFERENCE] [-o OUT]                    [-P PROXY] [-x IGNORE] [-s SIZEIGNORE] [-d DATA]                    [-i IGMETH] [-c COOKIE] [-T TIMEOUT]  optional arguments:   -h, --help            exhibit this assistance message together with buy the farm   -v, --version         Version Information   -u URL, --url URL     Target URL   -p PARAMS, --params PARAMS                         Provide a listing of parameters to scan for   -H HEADER, --header HEADER                         Add headers inwards format a:b c:d   -a AGENT, --agent AGENT                         Specify a user agent   -t THREADS, --threads THREADS                         Specify the set out of threads.   -off VARIANCE, --variance VARIANCE                            The foremost inwards divergence to ignore (if dynamic pages)   -diff DIFFERENCE, --difference DIFFERENCE                         Percentage divergence inwards reply (recommended 95)   -o OUT, --out OUT     Specify output file   -P PROXY, --proxy PROXY                         Specify a proxy inwards the shape http|s://[IP]:[PORT]   -x IGNORE, --ignore IGNORE                         Specify a condition to ignore eg. 404,302...   -s SIZEIGNORE, --sizeignore SIZEIGNORE                         Ignore responses of specified size   -d DATA, --data DATA  Provide default shipping information (also taken from provided                         url later ?)   -i IGMETH, --igmeth IGMETH                         Ignore GET or POST method. Specify g or p   -c COOKIE, --cookie COOKIE                         Specify Cookies   -T TIMEOUT, --timeout TIMEOUT                         Specify a timeout inwards seconds to hold back betwixt each                         reque   st

Adding novel params from source:
The next regexes mightiness move useful to parse $_GET or $_POST parameters from source:
$> grep -rioP '$_POST[\s*["']\s*\w+\s*["']\s*]' PHPSOURCE | grep -oP '$_POST[\s*["']\s*\w+\s*["']\s*]' | sed -e "s/$_POST[\s*["']//g" -e "s/\s*['"]\s*]//g" | form -u > /tmp/outfile.txt
$> grep -rioP '$_GET[\s*["']\s*\w+\s*["']\s*]' PHPSOURCE | grep -oP '$_GET[\s*["']\s*\w+\s*["']\s*]' | sed -e "s/$_GET[\s*["']//g" -e "s/\s*['"]\s*]//g" | form -u > /tmp/outfile.txt


Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us