Skip to content

DriftSec/parabuster

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
attack
attack
 
 
core
core
 
 
data
data
 
 
find
find
 
 
GET.req
GET.req
 
 
MULTIPART.req
MULTIPART.req
 
 
POST.req
POST.req
 
 
README.md
README.md
 
 
main.go
main.go
 
 
pb.png
pb.png
 
 

Repository files navigation

Fast parameter discovery and attack tool.

Usage: parabuster [mode] [options]

Modes:
     find                 Discovers paramaters for an URL.
     attack               Fuzzes known parameters for issues.


Usage of find:
    -chunk|c int
            Chunk Size (default 50)

    -method|m string
            Method [get,post,all] (default "all")

    -threads|t int
            Concurent threads (default 10)

    -url|u string
            Target URL to test

    -wordlist|w string
            Parameter wordlist

Find

Designed around Arjun.py, implemented in go with improved filtering capabilities.

Sequence:

  • queries the page and searches for form values, if found they are added to the wordlist queue.
  • performs autocalibration, checks headers, status, response body and applies special filitering to filter reflected values (even if reflected multiple times)
  • Splits the wordlist into chunks
  • tries each chunk, if content changes it splits the chunk again, repeats until a final valid parameter is found.

Attack

Not complete, starting this soon.

About

Parameter discovery and fuzzing tool

Resources

Readme
Activity

Stars

11 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages