Fi8sVrs

parameth - Tool to brute discover GET and POST parameters


  • Active Members
Posted

parameth

This tool can be used to brute discover GET and POST parameters.

Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them.


The -off flag allows you to specify an offset (helps with dynamic pages). For example, if you were getting alternating response sizes of 4444 and 4448, set the offset to 5 and it will only show the stuff outside the norm.

#Usage


    usage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT]
                       [-t THREADS] [-off VARIANCE] [-o OUT] [-P PROXY]
                       [-x IGNORE] [-s SIZEIGNORE] [-d DATA] [-i IGMETH]
                       [-c COOKIE]

    optional arguments:
      -h, --help  show this help message and exit
      -v, --version  Version Information
      -u URL, --url URL  Target URL
      -p PARAMS, --params PARAMS  Provide a list of parameters to scan for
      -H HEADER, --header HEADER  Add a custom header to the requests
      -a AGENT, --agent AGENT  Specify a user agent
      -t THREADS, --threads THREADS  Specify the number of threads.
      -off VARIANCE, --variance VARIANCE  The offset in difference to ignore (if dynamic pages)
      -diff DIFFERENCE, --difference DIFFERENCE  Percentage difference in response (recommended 95)
      -o OUT, --out OUT  Specify output file
      -P PROXY, --proxy PROXY  Specify a proxy in the form http|s://[IP]:[PORT]
      -x IGNORE, --ignore IGNORE  Specify a status to ignore eg. 404,302...
      -s SIZEIGNORE, --sizeignore SIZEIGNORE  Ignore responses of specified size
      -d DATA, --data DATA  Provide default post data (also taken from provided url after ?)
      -i IGMETH, --igmeth IGMETH  Ignore GET or POST method. Specify g or p
      -c COOKIE, --cookie COOKIE  Specify Cookies
      -T TIMEOUT, --timeout TIMEOUT  Specify a timeout in seconds to wait between each request

Adding new params from source:

The following regexes might be useful to parse $_GET or $_POST parameters from source:

    # \x27 is the single quote, written as an escape so the shell quoting stays intact (GNU grep -P and GNU sed)
    $> grep -rioP '\$_POST\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' PHPSOURCE | grep -oP '\$_POST\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' | sed -E -e 's/\$_POST\[\s*["\x27]\s*//g' -e 's/\s*["\x27]\s*\]//g' | sort -u > /tmp/outfile.txt
    $> grep -rioP '\$_GET\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' PHPSOURCE | grep -oP '\$_GET\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' | sed -E -e 's/\$_GET\[\s*["\x27]\s*//g' -e 's/\s*["\x27]\s*\]//g' | sort -u > /tmp/outfile.txt

 

Download parameth-master.zip

or

git clone https://github.com/maK-/parameth.git

Source: https://github.com/mak-/parameth

  • Upvote 5
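Seen from the server side, the parameter brute forcing described in the post above shows up as one client sending many different parameter names to the same script. The following detection sketch is an added example, not part of the original post or of parameth; the log format (combined-log style), the sample lines, the function name `find_param_sweeps` and the threshold are assumptions. It only covers GET parameters, because POST bodies are not written to a standard access log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined-log style, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /test.php?id=1 HTTP/1.1" 200 4444
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /test.php?debug=1 HTTP/1.1" 200 4448
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /test.php?page=1 HTTP/1.1" 200 4444
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /test.php?user=1 HTTP/1.1" 200 4448
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /test.php?file=1 HTTP/1.1" 200 4444
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /test.php?test=1 HTTP/1.1" 200 5120
198.51.100.20 - - [10/Oct/2023:13:56:10 +0000] "GET /index.php?page=2 HTTP/1.1" 200 9100
198.51.100.20 - - [10/Oct/2023:13:56:40 +0000] "GET /search.php?q=vpn&lang=en HTTP/1.1" 200 7300
198.51.100.20 - - [10/Oct/2023:13:57:05 +0000] "POST /login.php HTTP/1.1" 302 0
this line is not a log entry
"""

# Client IP and request target are the only fields the check needs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3} '
)

def find_param_sweeps(log_text, min_distinct=5):
    """Map (client_ip, path) -> sorted parameter names, for every client that
    sent at least min_distinct different query parameter names to one path."""
    names = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # ignore lines that are not in the expected format
        target = urlsplit(m["target"])
        # keep_blank_values so that "?debug" or "?debug=" still counts as a name
        for name, _value in parse_qsl(target.query, keep_blank_values=True):
            names[(m["ip"], target.path)].add(name)
    return {key: sorted(v) for key, v in names.items() if len(v) >= min_distinct}

if __name__ == "__main__":
    for (ip, path), params in find_param_sweeps(SAMPLE_LOG).items():
        print(f"{ip} probed {path} with {len(params)} parameter names: {params}")
```

The threshold needs tuning per application: a search or filter page can legitimately take many parameters, so compare against the names the script actually reads.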
  • Active Members
Posted

You can use the wordlist of parameter names from this tool in Intruder from Burp; it's basically the same. It would be a great idea to use this tool to create a bash script to parse a list of files instead of a single target.

 
