Hey folks, today we are going to talk about an interesting tool called βParamSpiderβ. It is extremely designed for scrap the vulnerable parameter from the web application that can be helpful during the penetration testing.
Lets do it π !!
First we need to download this tool from the github page which is pretty simple, just execute the following git command and tool will be download on terminal.
git clone https://github.com/devanshbatham/ParamSpider
Go into the directory by cd command.
cd ParamSpider
Before start this tool we need to fulfill some requirements of this tool.
pip3 install -r requirements.txt
Now first we will take an example without adding the filter. Through this command we will try to find all parameters in which some can be harmful or non-harmful parameters.
Usage π pythin3 paramspider.py βdomain < site URL >
python3 paramspider.py --domain secnhack.in
Now we will use the exclude function of this tool to improve our results.
python3 paramspider.py --domain secnhack.in --exclude php,jpg,svg
Now we will find only the nested parameter by uses the following command.
python3 paramspider.py --domain secnhack.in --level high
We will save our results in txt file.
python3 paramspider.py --domain secnhack.in --output results.txt
If we do not want this tool to scan the subdomain then we can use the deprecated function of this tool.
python3 paramspider.py --domain secnhack.in --subs False
Similarly, you can find unsafe parameters using this tool and after that you can start fuzzing to detect the vulnerability in the web application.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
The security of your API should be one of the top priorities of companies. Without…
Hey Folks, In today's business world, it is essential to have an online presence. However,…
Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…
This website uses cookies.