parameth – Brute Discover GET and POST parameters

parameth is a tool that can be used to brute discover GET and POST parameters. Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them.

parameth - Brute Discover GET and POST parameters
parameth – Brute Discover GET and POST parameters

The tool have the following options:

  • URL Target URL
  • PARAMS, Provide a list of parameters to scan
  • HEADER, Add headers in format a:b c:d
  • AGENT, Specify a user agent
  • THREADS, Specify the number of threads.
  • OUT, Specify output file
  • PROXY, Specify a proxy in the form http|s://[IP]:[PORT]
  • COOKIE, Specify Cookies
  • TIMEOUT Specify a timeout in seconds to wait between each request.

The -off flag allows you to specify an offset (helps with dynamic pages) so for example, if you were getting alternating response sizes of 4444 and 4448, set the offset to 5 and it will only show the stuff outside the norm.

You can read more and download this tool over here: https://github.com/maK-/parameth

Share