Find parameters silently with ParamSpider

When trying to hack a website, it can be extremely useful to get the parameters of various pages. These may include php, woff, css, js, png, svg, php, jpg and more. Each of these parameters can indicate a specific vulnerability, such as SQLi, XSS, LFI, and others. When we have discovered the parameters, we then check each of them for vulnerabilities.

This can be especially useful in bug bounty.

There are various tools we can use to scan a website, such as OWASP-ZAP or Web Scarab, but these tools can be very noisy and offer no stealth.

Any experienced security technician will notice the traffic and fast requests. One of the ways to avoid this detection is to scan the website archive on archive.org (as you know, archive.org maintains a repository of all past websites). Of course, these files probably won't be identical to the live site, but they may have enough in common to minimize false positives while still not alerting the site owner.

There is a great tool for finding these parameters using archived sites called ParamSpider.

Step #1: Download and of ParamSpider

Our first step is to download and then install paramspider. We can use git clone to clone it to our system.

kali > sudo git clone https://github.com/devanshbatham/ParamSpider

stop

Now, navigate to the new directory ParamSpider and record the contents of the directory.

kali > cd Paramspider

kali > ls -l

param0

Mark the file requirements.txt. We can use this file to load all the requirements of this tool using the command pip as we write below,

kali > pip install -r requirements.txt

param1

Now, we are ready to run paramaspider!

Step #2: Launch ParamSpider

Now that we have paramspider installed, let's check out the help screen.

param2

In its simplest form, the paramspider syntax is simply the command plus -d (domain) followed by the domain name. For example, if we want to scan Elon Musk's tesla.com, we simply type,

kali > sudo python3 ./paramspider.py -d tesla.com

param3

When you press enter, you'll see paramspider crawl the tesla.com website at archive.com looking for various parameters in the URLs.

param4

 

param5

As you can see above, paramspider found 148.192 unique tesla.com URLs and Elon Musk doesn't even know we scanned them!

To see the results, we can simply use the command more followed by the name of the output file (by default, the output file is located in the output directory with a file name of the domain with the extension .txt). In this case, we can simply type:

kali > more output/tesla.com.txt

param6

In some cases, we may not want to see ALL the parameters. For example, we may not want to see those ending in php, jpg, png, aspx, etc. This will help narrow your focus to fewer parameters to test. We exclude some parameters using switch -e, such as

kali > sudo python3 ./paramspider.py -d tesla.com -e php, aspx, jpg, png

param7

Summary

In hacking web applications, it can be very beneficial to find parameters that are often vulnerable to a certain type s.

With a tool like paramspider, we can enumerate and capture these URLs and then use them for testing at a later time without alarming the site owners.

While far from perfect, it can give us some insight into potential vulnerabilities as well as vulnerabilities that have been mitigated (if a certain type of vulnerability existed in one part of the site, it's very likely that other similar vulnerabilities exist ). ParamSpider is another valuable tool in the toolkit of

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.081 registrants.
ParamSpider

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).