Need help with Parth?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

s0md3v
251 Stars 48 Forks GNU General Public License v3.0 11 Commits 0 Opened issues

Description

Heuristic Vulnerable Parameter Scanner

Services available

!
?

Need anything else?

Contributors list

# 1,654
Python
xss
cloudfl...
Perl
7 commits
# 85,577
python3
macOS
Windows
Python
1 commit
# 2,159
d3v5
autoit
socat
R
1 commit


Parth
Parth

Heuristic Vulnerable Parameter Scanner

demo

Introduction

Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter

?url=
usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs or it's own discovered URLs to find such parameter names and the risks commonly associated with them. Parth is designed to aid web security testing by helping in prioritization of components for testing.

Usage

Import targets from a file

This option works for all 3 supported import types: Burp Suite history, newline delimited text file or a HTTP request text file.

python3 parth.py -i example.history

Find URLs for a domain

This option will make use of CommonCrawl, Open Threat Exchange and Waybackmachine to find URLs of the target domain.

python3 parth.py -t example.com

Ignore duplicate parameter names

Same parameter names across all URLs are ignored.

python3 parth.py -ut example.com

Save parameter names

This option will write all the parameter names found in a file with name

params-{target}.txt
for later use.
python3 parth.py -pt example.com

JSON Output

The following command will save the result as a JSON object in the specified file.

python3 parth.py -t example.com -o example.json

Credits

The database of parameter names and the risks associated with them is mainly created from the public work of various people of the community.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.