README
ΒΆ
π ParamFuzzer
A powerful, fast, and intelligent parameter discovery tool for web application security testing. ParamFuzzer extracts parameters from web applications using advanced techniques and identifies potentially suspicious parameters that could be vulnerable to various attacks.
π Key Features
- π Multi-Protocol Support: Full HTTP/1.1 and HTTP/2 compatibility
- π§ Intelligent Parameter Extraction: Advanced regex engines + GAP.py integration
- π₯ Real-time Console Output: See parameters as they're discovered
- π·οΈ Advanced Crawling: Integration with Katana crawler for deep discovery
- π― Suspicious Parameter Detection: Automatically identifies potential vulnerability sinks
- β‘ Headless Browser Support: JavaScript-heavy applications with Chrome integration
- π§Ή Smart Filtering: Strict ASCII rules with intelligent false-positive removal
- π Multiple Output Formats: TXT, CSV, JSON with console-first approach
- π§ Flexible Input Methods: URLs, raw HTTP requests, file inputs, stdin
- π Zero Dependencies: Single binary, ready to use
π¦ Installation
Pre-built Binaries
Download the latest release for your platform from GitHub Releases.
Build from Source
git clone https://github.com/admiralhr99/paramFuzzer.git
cd paramFuzzer
go build -o paramfuzzer .
Go Install
go install github.com/admiralhr99/paramFuzzer@latest
π οΈ Usage
Basic Usage
# Console output (default)
paramfuzzer -u https://example.com
# Save to file
paramfuzzer -u https://example.com -o parameters.txt
# Use raw HTTP request
paramfuzzer -r request.txt
# Silent mode (clean output)
paramfuzzer -u https://example.com --silent
Advanced Usage
# Crawl mode with headless browser
paramfuzzer -u https://example.com -c -hl -d 3
# With proxy (Burp Suite)
paramfuzzer -r request.txt -x http://127.0.0.1:8080
# Detect suspicious parameters
paramfuzzer -u https://example.com --sus
# Custom headers and crawl duration
paramfuzzer -u https://example.com -H "Authorization: Bearer token" -ct 120
Real-world Examples
# Bug bounty workflow
echo "https://target.com" | paramfuzzer --silent | grep -E "(id|user|admin|debug)"
# Integration with other tools
cat urls.txt | paramfuzzer --silent -c | sort -u > all_params.txt
# Authenticated testing
paramfuzzer -r authenticated_request.txt -c -d 5 --sus -o results.json --format json
π― Detection Capabilities
ParamFuzzer can extract parameters from:
- URLs: Query parameters, path parameters
- JavaScript: Variables, object keys, function parameters, AJAX calls
- HTML: Form fields, input names, data attributes
- JSON: Object keys, nested structures
- XML: Element names, attributes
- HTTP Headers: Custom headers, cookies
- API Endpoints: REST parameters, GraphQL variables
- Templates: Template variables, placeholder values
Suspicious Parameter Detection
Automatically identifies parameters commonly associated with:
- π΄ XSS: script, javascript, innerHTML
- π΄ Code Injection: eval, exec, cmd, system
- π΄ SSRF: url, uri, endpoint, callback
- π΄ Path Traversal: file, path, include
- π΄ SQL Injection: query, sql, statement
π Command Line Options
INPUT:
-u, -url string Target URL or file containing URLs
-r, -request string Raw HTTP request file
-dir string Directory containing request/response files
CONFIGURATIONS:
-c, -crawl Enable crawling mode
-d, -depth int Maximum crawl depth (default: 2)
-ct, -crawl-duration Maximum crawl duration (e.g., 60s, 5m)
-hl, -headless Use headless browser
-H, -header strings Custom headers ("Name: Value")
-X, -method string HTTP method (default: GET)
-b, -body string POST data
-x, -proxy string Proxy URL (HTTP/SOCKS5)
OUTPUT:
-o, -output string Save to file (default: console output)
-format string Output format: txt, csv, json (default: txt)
--silent Clean output without banner
--sus Detect suspicious parameters
--include-origin Include parameter origin in output
FILTERING:
-xl, -max-length int Maximum parameter length (default: 30)
-nl, -min-length int Minimum parameter length (default: 0)
--sort string Sort order: alpha, length, sus (default: alpha)
RATE LIMITING:
-t, -thread int Number of threads (default: 1)
-rd, -delay int Request delay in seconds
π§ Integration Examples
With Burp Suite
paramfuzzer -r burp_request.txt -x http://127.0.0.1:8080 --sus
With Katana Crawler
echo "https://example.com" | katana -silent | paramfuzzer --silent
Pipeline Integration
# Complete recon pipeline
subfinder -d target.com | httpx | paramfuzzer -c --sus | grep -v "common" > potential_params.txt
Custom Workflows
# Find admin parameters
paramfuzzer -u https://target.com -c --sus | grep -i "admin\|debug\|test\|dev"
# API parameter discovery
paramfuzzer -u https://api.target.com -H "Authorization: Bearer $TOKEN" -o api_params.json --format json
π¨ Output Examples
Console Output
Parameters found:
username
password
email
user_id [suspicious: JS_ATTRIBUTE]
redirect_url [suspicious: JS_URL]
callback [suspicious: SSRF]
Parameter discovery completed - results displayed above
Use -o filename.txt to save results to a file
Found 6 total parameters
Found 3 suspicious parameters (50.0%)
JSON Output
[
{
"name": "username",
"origin": "https://example.com/login",
"is_suspicious": false
},
{
"name": "callback",
"origin": "https://example.com/api",
"is_suspicious": true,
"suspicious_type": "SSRF"
}
]
β‘ Performance
- Fast: Processes 1000+ parameters per second
- Memory Efficient: <50MB RAM usage
- HTTP/2 Ready: Full multiplexing support
- Concurrent: Multi-threaded processing
- Smart Caching: Avoids duplicate requests
π€ Contributing
Contributions are welcome! Please read our Contributing Guidelines for details.
Development Setup
git clone https://github.com/admiralhr99/paramFuzzer.git
cd paramFuzzer
go mod download
go build .
Adding New Extractors
- Add regex patterns to
funcs/parameters/find.go - Update tests in
funcs/parameters/find_test.go - Submit a pull request
π Documentation
π‘οΈ Security
ParamFuzzer is designed for authorized security testing only. Please ensure you have proper permission before testing any web application.
- Report security issues to: admiral@0x4min.xyz
- Follow responsible disclosure practices
- Do not use for unauthorized testing
π License
This project is licensed under the MIT License - see the LICENSE file for details.
π Acknowledgments
- GAP.py - Advanced parameter extraction techniques
- Katana - Powerful crawling engine integration
- ProjectDiscovery - Tools and libraries
- Bug Bounty Community - Testing and feedback
π Comparison
| Feature | ParamFuzzer | Arjun | ParamSpider | Parameth |
|---|---|---|---|---|
| HTTP/2 Support | β | β | β | β |
| Headless Browser | β | β | β | β |
| Real-time Output | β | β | β | β |
| Suspicious Detection | β | β | β | β |
| Crawling Integration | β | β | β | β |
| Multiple Formats | β | β | β | β |
π Roadmap
- Machine Learning parameter classification
- GraphQL introspection support
- WebSocket parameter extraction
- Cloud function integration
- Custom wordlist generation
- API fuzzing capabilities
If ParamFuzzer helped you find vulnerabilities, consider giving it a β!
Made with β€οΈ for the bug bounty and security community
Documentation
ΒΆ
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.