Fi8sVrs

parameth - Tool to brute discover GET and POST parameters


parameth

This tool can be used to brute discover GET and POST parameters

Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them.


The -off flag allows you to specify an offset (helps with dynamic pages). For example, if you were getting alternating response sizes of 4444 and 4448, set the offset to 5 and it will only show the stuff outside the norm.

Usage

    usage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT]
                       [-t THREADS] [-off VARIANCE] [-o OUT] [-P PROXY]
                       [-x IGNORE] [-s SIZEIGNORE] [-d DATA] [-i IGMETH]
                       [-c COOKIE]

    optional arguments:
      -h, --help                                 show this help message and exit
      -v, --version                              Version Information
      -u URL, --url URL                          Target URL
      -p PARAMS, --params PARAMS                 Provide a list of parameters to scan for
      -H HEADER, --header HEADER                 Add a custom header to the requests
      -a AGENT, --agent AGENT                    Specify a user agent
      -t THREADS, --threads THREADS              Specify the number of threads.
      -off VARIANCE, --variance VARIANCE         The offset in difference to ignore (if dynamic pages)
      -diff DIFFERENCE, --difference DIFFERENCE  Percentage difference in response (recommended 95)
      -o OUT, --out OUT                          Specify output file
      -P PROXY, --proxy PROXY                    Specify a proxy in the form http|s://[IP]:[PORT]
      -x IGNORE, --ignore IGNORE                 Specify a status to ignore eg. 404,302...
      -s SIZEIGNORE, --sizeignore SIZEIGNORE     Ignore responses of specified size
      -d DATA, --data DATA                       Provide default post data (also taken from provided url after ?)
      -i IGMETH, --igmeth IGMETH                 Ignore GET or POST method. Specify g or p
      -c COOKIE, --cookie COOKIE                 Specify Cookies
      -T TIMEOUT, --timeout TIMEOUT              Specify a timeout in seconds to wait between each request

Adding new params from source:

The following regexes might be useful to parse $_GET or $_POST parameters from source:

    $> grep -rioP '\$_POST\[\s*["'\'']\s*\w+\s*["'\'']\s*\]' PHPSOURCE | grep -oP '\$_POST\[\s*["'\'']\s*\w+\s*["'\'']\s*\]' | sed -e 's/\$_POST\[\s*["'\'']\s*//g' -e 's/\s*["'\'']\s*]//g' | sort -u > /tmp/outfile.txt
    $> grep -rioP '\$_GET\[\s*["'\'']\s*\w+\s*["'\'']\s*\]' PHPSOURCE | grep -oP '\$_GET\[\s*["'\'']\s*\w+\s*["'\'']\s*\]' | sed -e 's/\$_GET\[\s*["'\'']\s*//g' -e 's/\s*["'\'']\s*]//g' | sort -u > /tmp/outfile.txt

 

Download parameth-master.zip

or

git clone https://github.com/maK-/parameth.git

Source: https://github.com/mak-/parameth

  • Upvote 5
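
For defenders, the kind of GET parameter sweep this tool performs leaves a recognisable trace in web server access logs: one client requesting the same script with many different parameter names, mostly getting back near-identical response sizes. The following is an added example, not part of the original post or of the parameth project. It assumes combined-format access logs; the function names and the `min_names` threshold are hypothetical, and POST body parameters will not appear in such logs.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Combined/common log format: client, request line, status, response size.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

def find_param_sweeps(lines, min_names=10):
    """Return {(client, path): info} for clients probing many parameter names."""
    names = defaultdict(set)      # (client, path) -> distinct query parameter names
    sizes = defaultdict(Counter)  # (client, path) -> response-size histogram
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        client, _method, target, _status, size = m.groups()
        url = urlsplit(target)
        key = (client, url.path)
        for name, _value in parse_qsl(url.query, keep_blank_values=True):
            names[key].add(name)
        if size != "-":
            sizes[key][int(size)] += 1
    hits = {}
    for key, seen in names.items():
        if len(seen) >= min_names:   # hypothetical threshold, tune per application
            common = sizes[key].most_common(1)
            hits[key] = {"distinct_names": len(seen),
                         "most_common_size": common[0][0] if common else None}
    return hits

def constructed_sample():
    """Constructed log lines: one client sweeping /test.php, one normal client."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET {t} HTTP/1.1" 200 {n} "-" "-"'
    guesses = ["id", "debug", "file", "page", "cmd", "user", "admin", "test",
               "action", "path", "url", "q"]
    lines = [fmt.format(ip="198.51.100.9", s=i, t=f"/test.php?{g}=1", n=4444 + 4 * (i % 2))
             for i, g in enumerate(guesses)]
    lines += [fmt.format(ip="192.0.2.4", s=30 + i, t="/index.php?page=home", n=9120)
              for i in range(5)]
    return lines

if __name__ == "__main__":
    for (client, path), info in find_param_sweeps(constructed_sample()).items():
        print(client, path, info)
```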