Accepts URLs as stdin, replaces query string with supplied value and stdout
Project description
Bhedak
A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every OS. Made with python
Installation
$ pip3 install bhedak
Usage
-
For
linux,unixanddebianbased systems$ waybackurls target.tld | bhedak "payload"
-
For
windowsbased systemscmd> type urls.txt | python bhedak.py "payload"
-
If no
payloadpassed$ waybackurls subdomain.target.tld | bhedak http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
-
Example input file
$ waybackurls subdomain.target.tld | tee -a urls http://subdomain.target.tld/comment.php?pid=username&user=1 http://subdomain.target.tld/disclaimer.php=1 http://subdomain.target.tld/hpp/index.php?pp=12 http://subdomain.target.tld/hpp/?pp=12&user=5
-
Replace query string values
$ cat urls | bhedak "FUZZ" http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
-
Replace query string with custom payloads
$ cat urls | bhedak "\"><svg/onload=alert(1)>*'/---+{{7*7}}" http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
-
Remove duplicate urls
$ cat urls | bhedak "FUZZ" | sort -u http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
-
Comparsion
$ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ" http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ $ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | bhedak "FUZZ" http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ?hardwareid=FUZZ&tarifid=FUZZ
Donate
If this tool helped you or you like my work
Thanks to @tomnomnom for making an amazing tool called qsreplace, from using qsreplace I got idea to make bhedak
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
File details
Details for the file bhedak-2.0.3-py3-none-any.whl.
File metadata
- Download URL: bhedak-2.0.3-py3-none-any.whl
- Upload date:
- Size: 3.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ccdfc66b749a904a95fd61dfb8f361602b2f3d291ea6d21c6c599a0d65cdeb10 |
|
| MD5 | 23c28e7d65adbbd3d6ccbc41cad8a458 |
|
| BLAKE2b-256 | c1035cd7dd77377da7541781091a43ae196b189081297be2c4e625bdd2eebcb4 |
