Skip to main content

Heuristics based vulnerable parameter scanner

Project description


Parth
Parth

Heuristic Vulnerable Parameter Scanner

demo

Introduction

Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs or it's own discovered URLs to find such parameter names and the risks commonly associated with them. Parth is designed to aid web security testing by helping in prioritization of components for testing.

Usage

Import targets from a file

This option works for all 3 supported import types: Burp Suite history, newline delimited text file or a HTTP request text file.

parth -i example.history

Import targets from stdin

cat urls | parth

An exclusive option --pipe is available when importing targets from stdin. It can be used to output URLs vulnerable to a specific vulnerabily.

cat urls | parth --pipe xss

Supported Issues: lfi, ssrf, sqli, xss, open_redirect, rce

Find URLs for a domain

This option will make use of CommonCrawl, Open Threat Exchange and Waybackmachine to find URLs of the target domain.

parth -t example.com

Ignore duplicate parameter names

Same parameter names across all URLs are ignored.

parth -ut example.com

Save parameter names

This option will write all the parameter names found in a file with name params-{target}.txt for later use.

parth -pt example.com

JSON Output

The following command will save the result as a JSON object in the specified file.

parth -t example.com -o example.json

Credits

The database of parameter names and the risks associated with them is mainly created from the public work of various people of the community such as @Jhaddix.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

parth-0.2.1.tar.gz (9.2 kB view details)

Uploaded Source

File details

Details for the file parth-0.2.1.tar.gz.

File metadata

  • Download URL: parth-0.2.1.tar.gz
  • Upload date:
  • Size: 9.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/18.0.1 rfc3986/2.0.0 colorama/0.4.3 CPython/3.8.10

File hashes

Hashes for parth-0.2.1.tar.gz
Algorithm Hash digest
SHA256 59e9bcf85e55b20d1c123d57c74bfeaeaccd522b30ac34d7315d3361d9e3372e
MD5 b733c041762d4f94162e54fea941aa3d
BLAKE2b-256 403dafe45115051a5ed26ea6f695ddba63cb35b7b058533f163c1e7ef9e74816

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page