ParamSpider – Digging parameters from dark corners of Web Archives
ParamSpider is an open-source, Python-based tool for digging parameters out of web archives without interacting with the target host. To find parameters, it uses several techniques and wordlists. These parameters are most useful to security researchers and bug bounty hunters, because each one is an application input that can be tested for bugs such as XSS, SQL injection, SSRF, or open redirect.
Key Features of ParamSpider Tool
- ParamSpider digs hidden parameters from the web archives of the entered target host.
- ParamSpider also finds parameters from the target's subdomains.
- ParamSpider supports filtering URLs by specific file extensions.
- ParamSpider mines the parameters from web archives without interacting with the target host.
- ParamSpider saves the scan output cleanly to text files.
Installation of ParamSpider Tool in Kali Linux
Step 1: First, open the Kali Linux terminal and move to the Desktop using the following command. On the Desktop we will create a directory into which we will clone the tool from GitHub.
Step 2: Now that we are on the Desktop, create a new directory called ParamSpider using the following command.
Step 3: You have created the directory ParamSpider on the Desktop. Move into this directory using the following command.
Step 4: Now you are in the ParamSpider directory. Here you have to clone the ParamSpider tool from GitHub. To clone the tool, use the following command.
git clone https://github.com/devanshbatham/ParamSpider
Step 5: The tool has now been cloned into the ParamSpider directory. List the contents of that directory using the following command.
Step 6: You can see that a new directory named ParamSpider has been created. Move into this directory using the following command.
Step 7: List the contents of the directory using the following command.
Step 8: Install the Python packages the script requires using the following command.
pip3 install -r requirements.txt
Step 9: Run the tool and display its help page using the following command.
python3 paramspider.py --help
Working with ParamSpider Tool
python3 paramspider.py -d geeksforgeeks.org
The scan has started; ParamSpider will collect the parameterized URLs of geeksforgeeks.org from the web archives.
As you can see, we got 67390 unique parameter URLs. Any of these parameters can now be tested for different vulnerabilities.
These URLs are saved in the output directory, in a file named after the target.
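To make the technique concrete, here is an added example (not ParamSpider's own code) of the core step the tool performs after fetching archived URLs: extracting the query parameters, skipping static-asset extensions, deduplicating by path and parameter set, and emitting one template per endpoint with values replaced by a placeholder. The archived URLs, the example.com hosts and the FUZZ placeholder are all constructed for this illustration.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample of archived URLs, standing in for what a web-archive
# index (such as the Wayback Machine CDX API) would return for a target.
ARCHIVED_URLS = [
    "https://example.com/search?q=python&page=2",
    "http://example.com/search?q=java&page=1",
    "https://example.com/search?page=3&q=go",
    "https://example.com/user/profile?id=42",
    "https://blog.example.com/post?id=7&ref=twitter",
    "https://example.com/static/app.js?v=123",
    "https://example.com/logo.png?size=large",
    "https://example.com/about",
]

# Extensions whose query strings are cache-busters, not application inputs;
# skipped in the same spirit as ParamSpider's extension filtering.
EXCLUDED_EXTENSIONS = (".js", ".css", ".png", ".jpg", ".gif", ".svg", ".woff")


def _query_names(url, exclude):
    """Return the sorted parameter names of a URL, or None if it carries no
    query string or points at an excluded static asset."""
    parts = urlsplit(url)
    if not parts.query or parts.path.lower().endswith(exclude):
        return None
    names = sorted({n for n, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return (parts, names) if names else None


def extract_parameterized_urls(urls, placeholder="FUZZ", exclude=EXCLUDED_EXTENSIONS):
    """One URL template per (host, path, parameter-name set), with every
    parameter value replaced by the placeholder so it can be reviewed or tested."""
    seen, results = set(), []
    for url in urls:
        found = _query_names(url, exclude)
        if found is None:
            continue
        parts, names = found
        key = (parts.netloc.lower(), parts.path, tuple(names))
        if key in seen:  # same endpoint and parameters, different values
            continue
        seen.add(key)
        query = urlencode([(name, placeholder) for name in names])
        results.append(urlunsplit(("https", parts.netloc.lower(), parts.path, query, "")))
    return results


def parameter_names(urls, exclude=EXCLUDED_EXTENSIONS):
    """Distinct parameter names seen across all non-excluded archived URLs."""
    names = set()
    for url in urls:
        found = _query_names(url, exclude)
        if found is not None:
            names.update(found[1])
    return sorted(names)


if __name__ == "__main__":
    for template in extract_parameterized_urls(ARCHIVED_URLS):
        print(template)
```

The three repeated /search captures collapse into a single template, which is why a site can yield far fewer unique parameter URLs than it has archived captures.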