Accepts URLs as stdin, replaces query string with supplied value and stdout
Project description
Bhedak
A replacement of qsreplace
, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every OS
. Made with python
Installation
$ pip3 install bhedak
Usage
-
Example input file
$ waybackurls subdomain.target.tld | tee -a urls http://subdomain.target.tld/comment.php?pid=username&user=1 http://subdomain.target.tld/disclaimer.php=1 http://subdomain.target.tld/hpp/index.php?pp=12 http://subdomain.target.tld/hpp/?pp=12&user=5
-
Replace query string values
$ cat urls | bhedak "FUZZ" http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
-
Replace query string with custom payloads
$ cat urls | bhedak "\"><svg/onload=alert(1)>*'/---+{{7*7}}" http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
-
Remove duplicate urls
$ cat urls | bhedak "FUZZ" | sort -u http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
-
Comparsion
$ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ" http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ $ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | bhedak "FUZZ" http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ?hardwareid=FUZZ&tarifid=FUZZ
Donate
If this tool helped you or you like my workThanks to @tomnomnom
for making an amazing tool called qsreplace
, from using qsreplace
I got idea to make bhedak
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
bhedak-2.0.tar.gz
(2.9 kB
view hashes)