主要特征 :
-
从输入域的Web存档中查找参数。
-
提供支持以排除具有特定扩展名的网址。
-
以一种干净的方式保存输出结果。
-
它从Web存档中挖掘参数(无需与目标主机进行交互)
使用说明:
Note : Use python 3.7
$ git clone
https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py –domain hackerone.com
用法选项:
1 – For a simple scan [without the –exclude parameter]
$ python3 paramspider.py –domain hackerone.com
-> Output ex :
https://hackerone.com/test.php?q=FUZZ
2 – For excluding urls with specific extensions
$ python3 paramspider.py –domain hackerone.com –exclude php,jpg,svg
3 – For finding nested parameters
$ python3 paramspider.py –domain hackerone.com –level high
-> Output ex:
https://hackerone.com/test.php?p=test&q=FUZZ
4 – Saving the results
$ python3 paramspider.py –domain hackerone.com –exclude php,jpg –output hackerone.txt
范例:
$ python3 paramspider.py –domain bugcrowd.com –exclude woff,css,js,png,svg,php,jpg –output bugcrowd.txt
文章来源:
https://github.com/devanshbatham/ParamSpider
暂无评论内容