Greetings everyone! Hope everything is going well. Today we are going to look at how to enumerate a web application to find the hidden parameters of a website, and how we can find all possible parameters using some tools.
ParamSpider:
ParamSpider mines parameters from web archives without interacting with the target host. This helps a tester find all possible parameters of the targeted website.
Usage: download and set up from GitHub
→ git clone https://github.com/devanshbatham/ParamSpider
→ python paramspider.py --domain www.target.com
As the picture above shows, it finds all possible parameters from our target. Now,
Arjun tool:
Web applications use parameters (or queries) to accept user input. Take the following example into consideration, EG: https://domain.com?id=12122. Here id is the parameter, but what if there also exists a parameter named admin? In this case we use Arjun to look up all hidden parameters.
EG: id=FUZZ
Usage of Arjun tool:
→ git clone https://github.com/s0md3v/Arjun
→ python arjun.py -u "www.domain.com?id=FUZZ"
This will find all the hidden parameters, compared with the id= parameter.
waybackurls:
It extracts all possible URLs from Wayback archive data, including the URLs that contain parameters. It is a good tool for finding archived parameter URLs of our targeted website.
Usage:
→ go get github.com/tomnomnom/waybackurls
→ waybackurls tesla.com
As the picture above shows, it extracts all the possible parameter URLs from the archive data. We have now seen how to find all possible parameters of our targeted website. This will help in your testing phase: the different tools we used make it easier to find the hidden parameters of a website.
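What these tools do with archived URLs can be reproduced offline on a list you already have, for example to review which parameter names of your own site are exposed in archives. The script below is an added example, not code from ParamSpider, Arjun or waybackurls; the sample URLs are constructed, and `mine_parameters` and the `REVIEW_NAMES` watch list are hypothetical names chosen for this illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample of archived URLs (the kind of lines waybackurls prints).
SAMPLE_URLS = [
    "https://www.target.com/item?id=12122",
    "https://www.target.com/item?id=7&ref=home",
    "http://www.target.com/item?ref=mail&id=9",
    "https://www.target.com/search?q=shoes&page=2",
    "https://www.target.com/panel?admin=true&debug=1",
    "https://www.target.com/static/logo.png?v=3",
    "https://www.target.com/about",
]

# Static assets carry cache-busting parameters that are not worth reviewing.
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".css", ".js", ".svg", ".ico")
# Hypothetical watch list: names a site owner would want to review first.
REVIEW_NAMES = {"admin", "debug", "test", "redirect", "url", "file"}


def mine_parameters(urls, placeholder="FUZZ"):
    """Return (templates, names_by_path, flagged) for a list of URLs."""
    templates = set()
    names_by_path = defaultdict(set)
    for raw in urls:
        parts = urlsplit(raw.strip())
        if parts.path.lower().endswith(STATIC_EXT):
            continue
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if not pairs:
            continue  # no query string, nothing to record
        names = sorted({name for name, _ in pairs})
        names_by_path[parts.path].update(names)
        # Replace every value with the placeholder; sorting the names and
        # normalising the scheme collapses duplicates of the same endpoint.
        query = urlencode([(n, placeholder) for n in names])
        templates.add(urlunsplit(("https", parts.netloc.lower(),
                                  parts.path, query, "")))
    flagged = sorted({n for ns in names_by_path.values()
                      for n in ns if n.lower() in REVIEW_NAMES})
    return sorted(templates), dict(names_by_path), flagged


if __name__ == "__main__":
    templates, names_by_path, flagged = mine_parameters(SAMPLE_URLS)
    print("\n".join(templates))
    print("review first:", ", ".join(flagged))
```
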
Tools we used: ParamSpider, Arjun tool, Waybackurls
Thank You! See You In Another Blog