Home

Awesome

fuzzparam

What is?

A fast go based param miner to fuzz possible parameters a URL can have.

TL;DR

Give it list of URL's and it will find the parameters that URL will have

Download

Download and Build it using following command:

$ git clone https://github.com/0xsapra/fuzzparam
$ cd fuzzparam
$ go build fuzzparam.go  

Flags supported

FlagDescriptionExample
-XHTTP Method-X POST
-xProxy Url-x http://127.0.0.1:8080
-cConcurrency/threads(Default 25)-c 100
-HHeaders-H "Cookie: test:1" -H "X-Forwarded-For: x.com"
-wPath to wordlist-w ./parameters.txt

Usage

$ ./fuzzparam -X GET -w ./parameters.txt -H "Cookie: asdf" https://site.com 

OR

$ echo "https://site.com\nhttps://site2.com\nhttps://site.com/asdf.php\n" > domains.txt

$ cat domains.txt | ./fuzzparam -w ./parameters.txt -H "Cookie: asdg"

OR, use it will other tools. Like projectdiscovery's httpx. https://github.com/projectdiscovery/httpx and, tomnonnom's waybackurls https://github.com/tomnomnom/waybackurls

$ cat domains.txt | waybackurls | httpx | fuzzparam -w ./parameters.txt > finalUrlsWithParams.txt