Greetings, everyone! I hope everything is going well. Today we are going to look at how to enumerate a web application to find the hidden parameters of a website, and how we can find all possible parameters using some tools.
As we know, parameters can sometimes have a huge impact on a website. A vulnerable parameter is an open door: an attacker can easily compromise a website through it. It is difficult to find every parameter manually, so here we can use some tools and techniques to help in our testing phase.
ParamSpider mines parameters from web archives without interacting with the target host. This helps a tester find all possible parameters for the targeted website.
Usage: download and set up from GitHub
→ git clone https://github.com/devanshbatham/ParamSpider
→ python paramspider.py --domain www.target.com
As the picture above shows, it finds all possible parameters for our target. Now
Web applications use parameters (or queries) to accept user input. Take the following example into consideration, e.g. https://domain.com?id=12122. Here id is the parameter, but what if there also exists a parameter named admin? In this case
we use Arjun to look up all hidden parameter values, e.g. id=FUZZ
Usage of the Arjun tool: git clone
→ python arjun.py -u www.domain.com?id=FUZZ
This will find all hidden parameter values compared with the id= parameter.
It extracts all possible URLs from Wayback archive data, including URLs that contain parameters. It is a good tool for finding archived URL parameters for our targeted website.
→ go get github.com/tomnomnom/waybackurls
→ waybackurls tesla.com
As the picture above shows, it extracts all the possible URL parameters from the archive data. We have now seen how to find all possible parameters for our targeted website. This will help in your testing phase; we used different tools, each of which makes the testing phase easier.
Thank you! See you in another blog.
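As an added example (not from the original post, and not code from ParamSpider, Arjun or waybackurls): a short Python script that takes archived URLs in the one-per-line form waybackurls prints and builds a per-path inventory of parameter names, so that names the application should no longer accept can be reviewed and validated. The sample URLs, the review list and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of archived URLs, one per line.
SAMPLE_URLS = """\
https://www.target.com/item?id=12122
https://www.target.com/item?id=7&admin=true
http://www.target.com/search?q=shoes&page=2
https://www.target.com/search?q=hats&debug=1
https://www.target.com/static/app.js?v=3
https://www.target.com/about
not a url
"""

# Assumed watch list of names that deserve a manual review; adjust per application.
REVIEW_NAMES = {"admin", "debug", "test", "redirect", "token"}
STATIC_EXT = (".js", ".css", ".png", ".jpg", ".svg", ".woff")


def parameter_inventory(lines):
    """Map each path to the sorted list of parameter names seen on it."""
    seen = defaultdict(set)
    for line in lines:
        try:
            parts = urlsplit(line.strip())
        except ValueError:
            continue  # malformed entry in the archive listing
        if parts.scheme not in ("http", "https") or not parts.query:
            continue
        if parts.path.lower().endswith(STATIC_EXT):
            continue  # cache-busting parameters on static files are noise
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            seen[parts.path or "/"].add(name.lower())
    return {path: sorted(names) for path, names in sorted(seen.items())}


def needs_review(inventory):
    """Return (path, name) pairs whose parameter name is on the watch list."""
    return [(p, n) for p, names in inventory.items()
            for n in names if n in REVIEW_NAMES]


if __name__ == "__main__":
    inv = parameter_inventory(SAMPLE_URLS.splitlines())
    for path, names in inv.items():
        print(path, names)
    print("review:", needs_review(inv))
```

Run against a listing saved for a site you are responsible for, the inventory shows which parameter names are publicly recorded per endpoint, which is the list to check against server-side input validation.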