Description
ParamSpider mines web archive data to find URL parameters for a given domain. It fetches URLs from the Wayback Machine that contain parameters, making it useful for discovering hidden input points.
Installation
BASH
pip install paramspider
Basic Usage
BASH
# Discover parameters
paramspider -d target.com
# Save output
paramspider -d target.com -o params.txt
Advanced Usage
BASH
# Exclude URLs with these file extensions
paramspider -d target.com --exclude woff,css,js,png,svg
# Set the level for nested parameters
paramspider -d target.com -l high
# Replace parameter values with a placeholder string
paramspider -d target.com -p "FUZZ"
# Multiple domains, one per line in domains.txt
while IFS= read -r d; do paramspider -d "$d"; done < domains.txt
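To make the effect of --exclude and -p concrete, the following added example (not ParamSpider's own code) approximates that filtering in Python on a constructed list of archived URLs, and also builds a per-path parameter inventory for reviewing which inputs of your own site are publicly archived. The function names, the sample URLs and the de-duplication step are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample of archived URLs for the placeholder domain target.com.
ARCHIVED = [
    "http://target.com/search?q=shoes&page=2",
    "http://target.com/search?q=boots&page=7",   # same template as above
    "http://target.com/static/app.js?v=1.4.2",   # dropped by the extension filter
    "http://target.com/item.php?id=42",
    "http://target.com/about",                   # no parameters
    "http://target.com/item.php?id=43&ref=mail",
    "http://target.com/login?next=",             # blank value still counts
]

def templates(urls, exclude=("woff", "css", "js", "png", "svg"), placeholder="FUZZ"):
    """Reduce URLs to unique parameterised templates, in first-seen order."""
    seen, out = set(), []
    for url in urls:
        parts = urlsplit(url)
        # The extension is taken from the last path segment, not the query.
        name = parts.path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in exclude:
            continue
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if not pairs:
            continue  # nothing to record without parameters
        # Keep parameter names and order, replace every value.
        query = urlencode([(k, placeholder) for k, _ in pairs])
        tpl = urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))
        if tpl not in seen:
            seen.add(tpl)
            out.append(tpl)
    return out

def inventory(urls, **kwargs):
    """Map each path to the sorted parameter names seen for it."""
    inv = {}
    for tpl in templates(urls, **kwargs):
        parts = urlsplit(tpl)
        names = (k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
        inv.setdefault(parts.path, set()).update(names)
    return {path: sorted(names) for path, names in inv.items()}

if __name__ == "__main__":
    for line in templates(ARCHIVED):
        print(line)
    print(inventory(ARCHIVED))
```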
Common Workflows
BASH
# Find params and test for XSS
paramspider -d target.com | dalfox pipe
# Mine params for SQLi testing
paramspider -d target.com -p "1" | sqlmap --batch --level 3