Information Gathering

ParamSpider – Mining Parameters From Dark Corners Of Web Archives

ParamSpider - Mining Parameters From Dark Corners Of Web Archives


ParamSpider : Parameter miner for humans.

Key Features :

  • Finds parameters from web archives of the entered domain.
  • Finds parameters from subdomains as well.
  • Gives support to exclude urls with specific extensions.
  • Saves the output result in a nice and clean manner.
  • It mines the parameters from web archives (without interacting with the target host)

Usage instructions :

Note : Use python 3.7+
$ git clone
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 --domain

Usage options :

1 - For a simple scan [without the --exclude parameter]
$ python3 --domain
-> Output ex :
2 - For excluding urls with specific extensions
$ python3 --domain --exclude php,jpg,svg
3 - For finding nested parameters
$ python3 --domain --level high
-> Output ex :
4 - Saving the results
$ python3 --domain --exclude php,jpg --output hackerone.txt
5 - Using with a custom placeholder text (default is FUZZ), e.g. don't add a placeholder
$ python3 --domain --placeholder FUZZ2
6 - Using the quiet mode (without printing the URLs on screen)
$ python3 --domain --quiet
7 - Exclude subdomains [for parameters from domain+subdomains, do not spe cify this argument]
$ python3 --domain --subs False

ParamSpider + GF (for massive pwnage)
Lets say you have already installed ParamSpider and now you want to filter out the juicy parameters from plethora of parameters. No worries you can easily do it using GF(by tomnomnom) .
Note : Make sure you have go properly installed on your machine .
Follow along this :

$ go get -u
$ cp -r $GOPATH/src/ ~/.gf
Note : Replace '/User/levi/go/bin/gf' with the path where gf binary is located in your system.
$ alias gf='/User/levi/go/bin/gf'
$ cd ~/.gf/
Note : Paste JSON files( in ~/.gf/ folder
Now run ParamSpider and navigate to the output directory
$ gf redirect domain.txt //for potential open redirect/SSRF parameters
$ gf xss domain.txt //for potential xss vulnerable parameters
$ gf potential domain.txt //for xss + ssrf + open redirect parameters
$ gf wordpress domain.txt //for wordpress urls
[More GF profiles to be added in future]

Example :

$ python3 --domain --exclude woff,css,js,png,svg,php,jpg --output bugcrowd.txt


Note :

As it fetches the parameters from web archive data ,
so chances of false positives are high.

Contributing to ParamSpider :

  • Report bugs , missing best practices
  • Shoot my DM with new ideas
  • Make more GF profiles (.json files)
  • Help in Fixing bugs
  • Submit Pull requests

Say hello : 0xAsm0d3us

About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: