Welcome back, my aspiring cyberwarriors!
When attempting to hack/pentest a website, it can be extremely useful to get the parameters of various pages. These might include php, woff, css, js, png,svg, php, jpg and others. Each of these parameters might indicate a particular vulnerability such as SQL injection, XSS, LFI, and others. When we have discovered the parameters, we then test each of them for vulnerabilities. This can be particularly useful in bug bounty hunting.
There are a number of tools we can use to spider the site such as OWASP-ZAP or Web Scarab but such tools can be very noisy and don’t offer any stealth. Any security device or security engineer worth their overpaid salary will likely notice the additional traffic and rapid requests. One of the ways to avoid this detection is to scan the archive of the website at archive.org (as you know, archive.org maintains a repository of all websites from the past). Of course, these archives will not likely be identical to the live site, but will likely have enough in common to minimize false positives while at the same time, not alerting the site owner.
There is an excellent tool for finding these parameters using archived websites called ParamSpider. Let’s take a look at it here in this tutorial.
Step #1: Download and Install ParamSpider
Our first step is to download and then install paramspider. We can use git clone to clone it into our system.
kali > sudo git clone https://github.com/devanshbatham/ParamSpider
kali > cd Paramspider
kali > ls -l
kali > pip install -r requirements.txt
Step #2: Start ParamSpider
Now that we have paramspider installed, let’s check its help screen.
kali > sudo python3 ./paramspider.py -d tesla.com
kali > more output/tesla.com.txt
kali > sudo python3 ./paramspider.py -d tesla.com -e php, aspx, jpg, png
Summary
In web app hacking or bug bounty hunting, it can be very advantageous to find parameters that are often vulnerable to a particular type of attack. With a tool like paramspider, we can enumerate and list these URL’s and then use them for testing at a later time without raising any alarm bells at the site’s owners. Although far from perfect, it can provide us with some insight into the potential vulnerabilities as well as vulnerabilities that have been mitigated (if a particular type of vulnerability existed in one section of the site, it is very likely there are other similar vulnerabilities).
ParamSpider is one more valuable tool in the web app hacker/pentester/bug bounter hunter’s tool box!