Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

Parth – Heuristic Vulnerable Parameter in Linux

  • Last Updated : 23 Aug, 2021

The URL parameter is a way to transfer data about a click-through URL. We can include URL parameters into your URLs so that your URLs track data about a click. 

For example, the parameter geeksforgeeks.org/demo?url=[victim_payload] can contain URLs as the value and can fall victim or target for various vulnerabilities like LFI, XSS, etc. Open-Redirection, SSRF attacks, and many more. Parth tool is a python language-based tool that can discover URLs to find parameters names and the vulnerabilities or risks commonly associated with them. Parth tool can store the results in the file and JSON format. Parth tool is designed to assist penetration testers in security testing by prioritization of components for testing.

Features of Parth Tool:

  1. Parth tool can discover URLs with risky parameters.
  2. Parth tool is designed in Python Language.
  3. Parth tool can store or save the results in File or JSON format.
  4. Parth tool is Open source and free to use.

Installation:

Step 1: Check whether Python Environment is Established or not, use the following command.

python3

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.



cd Desktop

Step 3: You are on Desktop now create a new directory called Parth using the following command. In this directory, we will complete the installation of the Parth tool.

mkdir Parth 

Step 4: Now switch to the Parth directory using the following command.

cd Parth 

Step 5: Now you have to install the tool. You have to clone the tool from Github.

sudo git clone https://github.com/s0md3v/Parth.git

Step 6: The tool has been downloaded successfully in the Parth directory. Now list out the contents of the tool by using the below command.



ls

Step 7: You can observe that there is a new directory created of the Parth tool that has been generated while we were installing the tool. Now move to that directory using the below command:

cd Parth

Step 8: Once again to discover the contents of the tool, use the below command.

ls

Step 9: Now we are done with our installation, Use the below command to view the help (gives a better understanding of tool) index of the tool.

python3 parth.py -h

Working with Parth Tool on Kali Linux

Example 1: Find URLs for a domain

In this example, We will be performing Parameter scanning on our target geeksforgeeks.org. We have used -t (target) tag to specify our target host.

python3 parth.py -t geeksforgeeks.org

In the below Screenshot, You can see that our results are ready, we have got the parameters on the URLs along with the risks that are associated with it also we have got the location. In the below Screenshot, from the highlighted part, you can see that a specific URL may be vulnerable to LFI, XSS, SSRF vulnerabilities.



Example 2: Ignore duplicate parameter names

In this example, We will be ignoring duplicate parameters names on the target domain. We have chosen example.com as our target because it consists of lots of duplicate parameters so we will be ignoring this duplicate parameter. We have used -u tag to ignore duplicate parameters.

python3 parth.py -ut example.com

In the below Screenshot, the results which are retrieved are unique results, no same parameter will be seen in the results, which makes the tester’s work easier.

Example 3: Save parameter names

In this example, We will be saving the Parameter names in a text file named params-google.com.txt.

python3 parth.py -pt google.com

In the below Screenshot, You can see that the parameter names are stores in the text file.

Example 4: File Format Output

In this example, We will be saving the results of parameters detected in the file format. -f tag is used to save the results.

python3 parth.py -t geeksforgeeks.org -f geeksforgeeks.txt 

In the below screenshot, you can see that the results are stored in the text file along with the Risks/Issues and the Location.

Parth tool is a 2very helpful tool if any security researcher or bug bounty hunter is trying to hunt bugs that depend on user input like SSRF, LFI, XSS. Parth tool easily detects parameters on the URL along with the risk associated with it.




My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!