• This repository has been archived on 20/Sep/2023
  • Stars: 1,338
  • Rank 35,129 (Top 0.7 %)
  • Language: Python
  • Created about 8 years ago
  • Updated over 5 years ago

Repository Details

This tool can be used to brute-force discovery of GET and POST parameters.

parameth

Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them.

example scan

The -off flag lets you specify an offset, which helps with dynamic pages. For example, if you were getting alternating response sizes of 4444 and 4448, set the offset to 5 and it will only show the responses outside the norm.

Installation

virtualenv venv
. ./venv/bin/activate
pip install -U -r requirements.txt

Usage

usage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT]
                   [-t THREADS] [-off VARIANCE] [-diff DIFFERENCE] [-o OUT]
                   [-P PROXY] [-x IGNORE] [-s SIZEIGNORE] [-d DATA]
                   [-i IGMETH] [-c COOKIE] [-T TIMEOUT]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         Version Information
  -u URL, --url URL     Target URL
  -p PARAMS, --params PARAMS
                        Provide a list of parameters to scan for
  -H HEADER, --header HEADER
                        Add headers in format a:b c:d
  -a AGENT, --agent AGENT
                        Specify a user agent
  -t THREADS, --threads THREADS
                        Specify the number of threads.
  -off VARIANCE, --variance VARIANCE
                        The offset in difference to ignore (if dynamic pages)
  -diff DIFFERENCE, --difference DIFFERENCE
                        Percentage difference in response (recommended 95)
  -o OUT, --out OUT     Specify output file
  -P PROXY, --proxy PROXY
                        Specify a proxy in the form http|s://[IP]:[PORT]
  -x IGNORE, --ignore IGNORE
                        Specify a status to ignore eg. 404,302...
  -s SIZEIGNORE, --sizeignore SIZEIGNORE
                        Ignore responses of specified size
  -d DATA, --data DATA  Provide default post data (also taken from provided
                        url after ?)
  -i IGMETH, --igmeth IGMETH
                        Ignore GET or POST method. Specify g or p
  -c COOKIE, --cookie COOKIE
                        Specify Cookies
  -T TIMEOUT, --timeout TIMEOUT
                        Specify a timeout in seconds to wait between each
                        request
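
The size and status filtering behind -off, -x and -s, sketched offline as an added example (not code from parameth.py). The function names, the fixed baseline and the sample responses are assumptions constructed for illustration, and the tool's own comparison may differ.

```python
# Added illustration: offline filtering of (param, status, size) results.
# Function names and sample data are hypothetical, not taken from parameth.py.

def outside_norm(size, baseline, offset):
    """True when a body length differs from the baseline by more than offset."""
    return abs(size - baseline) > offset


def filter_results(results, baseline, offset=0, ignore_status=(), ignore_sizes=()):
    """Keep only responses that stand out from the baseline page.

    offset        -> like -off: tolerated jitter in bytes for dynamic pages
    ignore_status -> like -x:   status codes to drop (e.g. 404, 302)
    ignore_sizes  -> like -s:   exact body lengths to drop
    """
    hits = []
    for param, status, size in results:
        if status in ignore_status or size in ignore_sizes:
            continue
        if outside_norm(size, baseline, offset):
            hits.append((param, status, size))
    return hits


# Constructed sample: a dynamic page whose body alternates between 4444 and
# 4448 bytes, one parameter that really changes the output, and one redirect.
BASELINE = 4444
SAMPLE = [
    ("id", 200, 4444),
    ("page", 200, 4448),
    ("lang", 200, 4444),
    ("debug", 200, 5120),
    ("user", 200, 4448),
    ("next", 302, 0),
]

if __name__ == "__main__":
    print("offset 0:", filter_results(SAMPLE, BASELINE))
    print("offset 5:", filter_results(SAMPLE, BASELINE, offset=5))
    print("offset 5, ignoring 302:",
          filter_results(SAMPLE, BASELINE, offset=5, ignore_status={302}))
```

With no offset, the 4448-byte responses are reported as noise; with an offset of 5 only the response that is actually different remains.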

Adding new params from source:

The following grep/sed pipelines can extract $_GET or $_POST parameter names from PHP source (\x27 is the PCRE escape for a single quote, so the pattern can stay inside shell single quotes):

$> grep -rioP '\$_POST\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' PHPSOURCE | grep -oP '\$_POST\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' | sed -e "s/\$_POST\[\s*[\"']//g" -e "s/\s*['\"]\s*\]//g" | sort -u > /tmp/outfile.txt

$> grep -rioP '\$_GET\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' PHPSOURCE | grep -oP '\$_GET\[\s*["\x27]\s*\w+\s*["\x27]\s*\]' | sed -e "s/\$_GET\[\s*[\"']//g" -e "s/\s*['\"]\s*\]//g" | sort -u > /tmp/outfile.txt
