

How to use ParamSpider to search for sensitive parameters in Web documents

2025-01-28 Update. From: SLTechnology News&Howtos, Network Security


Shulou (Shulou.com) 05/31 Report

This article explains in detail how to use ParamSpider to search for sensitive parameters in a target's archived Web pages. It is shared as a reference; after reading it you should understand what the tool does, how to install it, and how to fit it into a parameter-discovery workflow.

ParamSpider

ParamSpider is a parameter-mining tool. Rather than crawling a live site, it pulls the URLs that web archives (the Wayback Machine) have recorded for a target over time and extracts the query parameters those URLs expose, which surfaces endpoints and parameter names that no longer appear in the current site navigation.

Core functions

Finds parameters in the archived URLs of a given domain;

Finds parameters in the archived URLs of its subdomains as well;

Supports excluding URLs with specific file extensions (for example static assets such as .png, .css or .js);

Saves the output in a clean, readable form;

Mines parameters from web archives only, so it never sends a request to the target host;

Tool Installation & Download

Note: ParamSpider requires Python 3.7 + installed and configured on the host for proper use.

Researchers can clone the project source code locally and install dependent components using the following command:

$ git clone https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py --domain hackerone.com

Tool Usage

Option 1 - Perform a simple scan [without the --exclude parameter]:

$ python3 paramspider.py --domain hackerone.com
-> Output ex: https://hackerone.com/test.php?q=FUZZ

2 - Exclude URLs with specific extensions:

$ python3 paramspider.py --domain hackerone.com --exclude php,jpg,svg

3 - Find nested parameters:

$ python3 paramspider.py --domain hackerone.com --level high
-> Output ex: https://hackerone.com/test.php?p=test&q=FUZZ

4 - Save the scan output to a file:

$ python3 paramspider.py --domain hackerone.com --exclude php,jpg --output hackerone.txt

5 - Use a custom placeholder for the parameter value (default is "FUZZ"):

$ python3 paramspider.py --domain hackerone.com --placeholder FUZZ2

6 - Use silent mode (no URLs printed on screen):

$ python3 paramspider.py --domain hackerone.com --quiet

7 - Exclude subdomains:

$ python3 paramspider.py --domain hackerone.com --subs False
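The steps above (scope the host, drop excluded extensions, replace each parameter value with the placeholder, de-duplicate, optionally keep nested parameters) are easier to reason about when you can see them run. The following is an added example written for this article, not ParamSpider's own code. It assumes a constructed list of archived URLs for hackerone.com in place of real Wayback Machine data so that it runs offline; the CDX Server API parameters in build_cdx_url() are documented ones, but that ParamSpider issues exactly that query is an assumption. The --level semantics are approximated from the page's output examples: "low" keeps only the first parameter, "high" keeps the nested parameters with their archived values and fuzzes the last one.

```python
"""Parameter mining from an archived URL list, in the style of ParamSpider.

Added example, not ParamSpider's own code. ParamSpider pulls a domain's
historical URLs from the Wayback Machine; build_cdx_url() shows a CDX
Server API query that retrieves such a list, and mine_params() does the
offline part: keep only URLs on the target (optionally subdomains), drop
excluded extensions, replace parameter values with a placeholder and
de-duplicate by endpoint and parameter set. ARCHIVED_URLS is a constructed
sample standing in for real archive data, so the script runs offline.
"""
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Constructed sample of an archived URL listing for the target (not real archive output).
ARCHIVED_URLS = [
    "https://hackerone.com/search?q=bounty",
    "https://hackerone.com/search?q=xss",              # same endpoint and param, new value
    "https://hackerone.com/reports?page=2&sort=asc",
    "https://hackerone.com/reports?sort=desc&page=7",  # same parameter set, reordered
    "https://hackerone.com/redirect?next=/dashboard",
    "https://api.hackerone.com/v1/items?id=42",        # subdomain
    "https://hackerone.com/static/app.js?v=1.2",       # static asset, excluded by extension
    "https://hackerone.com/img/logo.png?w=100",
    "https://hackerone.com/about",                     # no parameters at all
    "http://hackerone.com/search?q=old",               # http copy of the first entry
]


def build_cdx_url(domain, subs=True):
    """Wayback CDX Server query listing the original URLs archived for the target.

    url=, output=, fl= and collapse= are documented CDX API parameters; that
    ParamSpider uses exactly this query shape is an assumption of this example.
    """
    scope = f"*.{domain}/*" if subs else f"{domain}/*"
    return ("https://web.archive.org/cdx/search/cdx?url=" + quote(scope, safe="")
            + "&output=txt&fl=original&collapse=urlkey")


def _extension(path):
    filename = path.rsplit("/", 1)[-1]
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def mine_params(urls, domain, placeholder="FUZZ", exclude=(), subs=True, level="low"):
    """Return unique parameterised URLs with values replaced by the placeholder.

    level="low": one URL per (host, path, first parameter); only that parameter is kept.
    level="high": nested parameters are kept with their archived values, the last one
    is fuzzed, and de-duplication is by (host, path, sorted parameter names); this
    mirrors the page's "?p=test&q=FUZZ" output example.
    """
    excluded = {e.strip().lower().lstrip(".") for e in exclude if e.strip()}
    domain = domain.lower()
    seen, results = set(), []
    for url in urls:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
        if host != domain and not (subs and host.endswith("." + domain)):
            continue                         # off-scope host
        if _extension(parts.path) in excluded:
            continue                         # static asset the user asked to skip
        params = parse_qsl(parts.query, keep_blank_values=True)
        if not params:
            continue                         # nothing to fuzz
        if level == "high":
            key = (host, parts.path, tuple(sorted(n for n, _ in params)))
            fuzzed = params[:-1] + [(params[-1][0], placeholder)]
        else:
            key = (host, parts.path, params[0][0])
            fuzzed = [(params[0][0], placeholder)]
        if key in seen:
            continue                         # endpoint and parameter set already emitted
        seen.add(key)
        # Scheme is normalised to https so http and https archive copies collapse together.
        results.append(urlunsplit(("https", host, parts.path, urlencode(fuzzed, safe="/"), "")))
    return results


if __name__ == "__main__":
    print("# CDX query that would fetch the archived URL list:")
    print(build_cdx_url("hackerone.com"))
    for line in mine_params(ARCHIVED_URLS, "hackerone.com", exclude=("js", "png")):
        print(line)
```

Feeding the CDX query's response (one original URL per line) into mine_params() in place of ARCHIVED_URLS reproduces the workflow end to end; the de-duplication key is what keeps a large archive from turning into thousands of near-identical fuzz targets.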

Suppose ParamSpider is installed and you want to pick the interesting parameters out of a large result set. For that you can pair it with gf, a grep wrapper that applies named pattern profiles (stored as JSON files) to a file of URLs.

Note: Before using gf, make sure a Go toolchain is installed and configured on your local host.

The installation and configuration commands are as follows:

$ go get -u github.com/tomnomnom/gf
$ cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf

Note: Replace '/User/levi/go/bin/gf' with the path where the gf binary is located on your system.

$ alias gf='/User/levi/go/bin/gf'
$ cd ~/.gf/

Note: Paste the JSON profiles from https://github.com/devanshbatham/ParamSpider/tree/master/gf_profiles into the ~/.gf/ folder.

Note: go get -u no longer installs binaries on current Go releases (1.18 and later); there, use go install github.com/tomnomnom/gf@latest and copy the examples directory from a clone of the gf repository instead.

Now run ParamSpider and change into its output directory:

$ gf redirect domain.txt    // for potential open redirect/SSRF parameters
$ gf xss domain.txt         // for potential XSS-prone parameters
$ gf potential domain.txt   // for XSS + SSRF + open redirect parameters
$ gf wordpress domain.txt   // for WordPress URLs

[More GF profiles to be added in future]

Tool use sample:

$ python3 paramspider.py --domain bugcrowd.com --exclude woff,css,js,png,svg,php,jpg --output bugcrowd.txt
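What gf does with a profile is simple enough to show directly, which also makes the output triage reproducible on a host without Go. The following is an added example for this article, not code from ParamSpider or gf. It reads profiles in gf's JSON format (a "flags" string plus either one "pattern" or a "patterns" list that gf joins with "|") and applies them to sample ParamSpider output; the profile bodies and the sample lines are constructed for this example and are not the redirect.json, xss.json or wordpress.json files shipped in the project's gf_profiles directory.

```python
"""Applying gf-style JSON profiles to ParamSpider output, without gf installed.

Added example, not code from ParamSpider or gf. A gf profile is a JSON
object with grep "flags" plus either one "pattern" or a "patterns" list that
gf wraps in parentheses and joins with '|'; the profile bodies and the sample
output lines below are constructed for this example and are not the
project's gf_profiles files.
"""
import json
import re

# Constructed profiles in gf's JSON format (hypothetical patterns, not the real
# redirect.json / xss.json / wordpress.json shipped with ParamSpider).
PROFILES = {
    "redirect": json.dumps({
        "flags": "-HnrE",
        "patterns": [
            "[?&](next|url|redirect|redirect_url|return|return_url|goto|dest|continue)=",
        ],
    }),
    "xss": json.dumps({
        "flags": "-HnriE",
        "patterns": ["[?&](q|s|search|query|keyword|name|comment|msg|message)="],
    }),
    "wordpress": json.dumps({
        "flags": "-HnrE",
        "pattern": "/wp-(content|includes|admin)/",
    }),
}

# Constructed sample of ParamSpider output (values already replaced with FUZZ).
SAMPLE_OUTPUT = [
    "https://hackerone.com/search?q=FUZZ",
    "https://hackerone.com/redirect?next=FUZZ",
    "https://hackerone.com/login?return_url=FUZZ",
    "https://hackerone.com/profile?name=FUZZ",
    "https://hackerone.com/wp-content/themes/demo/style.css?ver=FUZZ",
    "https://hackerone.com/api/fetch?url=FUZZ",
]


def compile_profile(profile_json):
    """Turn a gf profile into a compiled regex, honouring grep's -i flag."""
    profile = json.loads(profile_json)
    if "patterns" in profile:
        pattern = "(" + "|".join(profile["patterns"]) + ")"   # gf ORs the list together
    else:
        pattern = profile["pattern"]
    flags = re.IGNORECASE if "i" in profile.get("flags", "").lstrip("-") else 0
    return re.compile(pattern, flags)


def gf(profile_name, lines):
    """Equivalent of `gf <profile> file`: return the lines the profile matches."""
    regex = compile_profile(PROFILES[profile_name])
    return [line for line in lines if regex.search(line)]


def potential(lines):
    """Union of the redirect and xss profiles, in the spirit of `gf potential`."""
    hits = set(gf("redirect", lines)) | set(gf("xss", lines))
    return [line for line in lines if line in hits]   # keep file order


if __name__ == "__main__":
    for name in PROFILES:
        print(f"== {name} ==")
        print("\n".join(gf(name, SAMPLE_OUTPUT)))
```

The patterns only look at parameter names, which is exactly why the next section's warning about false positives applies: a hit on "next=" says the parameter is worth testing, not that the endpoint is vulnerable.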

Note: Because the tool mines parameters from archived copies of Web pages rather than from the live site, some of the URLs and parameters it reports no longer exist or are no longer handled by the application, so expect false positives and confirm each candidate against the live target before spending fuzzing effort on it.

That covers how to use ParamSpider to search for sensitive parameters in archived Web pages. I hope the above is of some help; if you found the article useful, please share it so more people can see it.
