RedTeam
3.Web-Hacking
4.Injection
Tools
Paramspider

Top Commands

python3 paramspider.py --domain WEBSITE --exclude woff,css,js,png,svg,php,jpg --output WEBISTE.txt

What is ParamSpider

Search all parameters that can be FUZZ on a website

Key Features :

  • Discover URLs for a single domain:

    paramspider -d example.com

  • Discover URLs for multiple domains from a file:

    paramspider -l domains.txt

  • Stream URLs on the termial:

    paramspider -d example.com -s

  • Set up web request proxy:

    paramspider -d example.com --proxy '127.0.0.1:7890'

  • Adding a placeholder for URL parameter values (default: "FUZZ"):

     paramspider -d example.com -p '"><h1>reflection</h1>'

More Information

https://github.com/devanshbatham/ParamSpider (opens in a new tab)

4.blind SsrfCommands