ParamSpider – Website Parameter Scraping Tool


ParamSpider : Find hidden parameters in web applications

ParamSpider is an open-source bug bounty tool designed to help bug hunters and security researchers find hidden parameters in web applications. These hidden parameters are often used by attackers to exploit vulnerabilities and gain unauthorized access to sensitive information. ParamSpider automates the process of identifying these parameters, making it easier for researchers to find vulnerabilities and report them to the affected organization.

How ParamSpider Works

ParamSpider works by analyzing a target web application and looking for hidden parameters that are not easily discoverable using traditional methods. It does this by sending various HTTP requests to the target and analyzing the responses to identify any new parameters that are present.

The tool uses a combination of different techniques to identify hidden parameters. For example, it looks for parameters that are present in the HTML source code but are not visible to the user, as well as parameters that are included in JavaScript files or embedded in images.

Once ParamSpider has identified these hidden parameters, it generates a report that lists all of the parameters it found. The report includes information about the location of the parameter, as well as its value and any other relevant details.

Key Features :

  • Finds parameters from web archives of the entered domain.
  • Finds parameters from subdomains as well.
  • Gives support to exclude URLs with specific extensions.
  • Saves the output result in a nice and clean manner.
  • It mines the parameters from web archives (without interacting with the target host).

ParamSpider Installation

Note : Use Python 3.7+

$ git clone https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py --domain hackerone.com

Using ParamSpider to Find Hidden Parameters

Using ParamSpider is relatively straightforward. The user provides the tool with the URL of the target web application and any additional parameters required for the scan. ParamSpider then begins analyzing the application for hidden parameters. Once the scan is complete, ParamSpider generates a report that lists all of the parameters it found.

The report includes information about each parameter, such as its location and value. The user can use this information to identify potential vulnerabilities in the application and report them to the affected organization.

For a simple scan [without the --exclude parameter]

$ python3 paramspider.py --domain hackerone.com
-> Output ex : https://hackerone.com/test.php?q=FUZZ

For excluding URLs with specific extensions

$ python3 paramspider.py --domain hackerone.com --exclude php,jpg,svg

For finding nested parameters

$ python3 paramspider.py --domain hackerone.com --level high
-> Output ex : https://hackerone.com/test.php?p=test&q=FUZZ

Exclude subdomains [for parameters from domain+subdomains, do not specify this argument]

$ python3 paramspider.py --domain hackerone.com --subs False
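
The scoping and filtering that the options above describe (domain with or without subdomains, excluded extensions, values replaced by a FUZZ placeholder) can be reproduced offline over a list of archived URLs, for example to inventory which parameters of your own site are exposed in web archives. This is an added example, not ParamSpider's own code; the function names, the example.com URLs and the choice to replace every value (rather than only one) are assumptions.

```python
from posixpath import splitext
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample of archived URLs (not real archive data).
SAMPLE_URLS = [
    "https://example.com/test.php?q=shoes",
    "https://example.com/test.php?q=hats",
    "https://example.com/test.php?p=test&q=1",
    "https://example.com/logo.svg?v=3",
    "https://blog.example.com/post?id=42&ref=home",
    "https://example.com/about",
    "https://cdn.example.net/lib.js?cb=9",
]


def parameter_templates(urls, domain, exclude=(), subs=True, placeholder="FUZZ"):
    """Return sorted, de-duplicated URL templates with every value replaced."""
    excluded = {"." + ext.lower().lstrip(".") for ext in exclude}
    templates = set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Scope check: exact domain, plus subdomains only when subs is True.
        if host != domain and not (subs and host.endswith("." + domain)):
            continue
        # Skip paths whose extension is on the exclusion list.
        if splitext(parts.path)[1].lower() in excluded:
            continue
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if not pairs:
            continue  # no parameters, nothing to record
        query = urlencode([(name, placeholder) for name, _ in pairs])
        templates.add(urlunsplit((parts.scheme, parts.netloc, parts.path, query, "")))
    return sorted(templates)


def parameter_inventory(templates):
    """Map each parameter name to the sorted host/path locations using it."""
    inventory = {}
    for template in templates:
        parts = urlsplit(template)
        for name, _ in parse_qsl(parts.query):
            inventory.setdefault(name, set()).add(parts.hostname + parts.path)
    return {name: sorted(paths) for name, paths in sorted(inventory.items())}


if __name__ == "__main__":
    found = parameter_templates(SAMPLE_URLS, "example.com", exclude=["svg", "jpg"])
    print("\n".join(found))
    print(parameter_inventory(found))
```
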

ParamSpider + GF (for massive pwnage)

Let's say you have already installed ParamSpider and now you want to filter out the juicy parameters from the plethora of parameters. No worries, you can easily do it using GF (by tomnomnom).

Note : Make sure you have Go properly installed on your machine.

Filter ParamSpider output to find potential XSS vulnerable parameters

$ gf xss paramspider-output.txt   # for potential XSS-vulnerable parameters

Filter ParamSpider output to find parameters which may be vulnerable to SQL injection

$ gf sqli domain.txt   # for potential SQL injection parameters

Filter ParamSpider output to find potential open redirect/SSRF parameters

$ gf redirect domain.txt   # for potential open redirect/SSRF parameters

Conclusion

ParamSpider is a powerful tool that can help ethical hackers and security researchers find hidden parameters in web applications. Its ability to identify parameters that are not easily discoverable using traditional methods makes it a valuable addition to any bug bounty toolkit.


