Working with Parth Tool on Kali Linux
Example 1: Find URLs for a domain
In this example, we perform parameter scanning on our target, w3wiki.org. The -t (target) option specifies the target host.
python3 parth.py -t w3wiki.org
In the screenshot below, the results show the parameters found on the URLs, the risks associated with each of them, and the location. The highlighted part shows that a specific URL may be vulnerable to LFI, XSS, and SSRF.
Example 2: Ignore duplicate parameter names
In this example, we ignore duplicate parameter names on the target domain. We chose example.com as our target because it contains many duplicate parameters. The -u option tells the tool to ignore duplicate parameters.
python3 parth.py -ut example.com
In the screenshot below, the retrieved results are unique: no parameter appears twice, which makes the tester’s work easier.
Example 3: Save parameter names
In this example, we save the parameter names in a text file named params-google.com.txt.
python3 parth.py -pt google.com
In the screenshot below, you can see that the parameter names are stored in the text file.
Example 4: File Format Output
In this example, we save the detected parameters to a file. The -f option is used to save the results.
python3 parth.py -t w3wiki.org -f w3wiki.txt
In the below screenshot, you can see that the results are stored in the text file along with the Risks/Issues and the Location.
Parth is a very helpful tool for any security researcher or bug bounty hunter hunting bugs that depend on user input, such as SSRF, LFI, and XSS. It easily detects parameters on the URL along with the risk associated with them.
Parth – Heuristic Vulnerable Parameter in Linux
URL parameters are a way to pass data about a click through a URL. You can include URL parameters in your URLs so that the URLs track data about a click.
For example, the parameter in w3wiki.org/demo?url=[victim_payload] can contain URLs as its value and can be a target for various vulnerabilities such as LFI, XSS, open redirection, SSRF, and many more. Parth is a Python-based tool that can discover URLs to find parameter names and the vulnerabilities or risks commonly associated with them. Parth can store the results in file and JSON format. It is designed to assist penetration testers in security testing by prioritizing components for testing.
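The name-based heuristic described above can be illustrated with a short script that triages URLs from your own application for input-validation review. This is an added example, not Parth's code or its risk database: the RISK_HINTS table, the function names and the example.test URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed name-to-risk hints for illustration; not Parth's own database.
RISK_HINTS = {
    "url": ["SSRF", "Open Redirect"],
    "redirect": ["Open Redirect"],
    "next": ["Open Redirect"],
    "file": ["LFI"],
    "path": ["LFI"],
    "page": ["LFI"],
    "q": ["XSS"],
    "search": ["XSS"],
}

def classify(urls, unique=False):
    """Return one finding per matched parameter: name, risks and location."""
    findings, seen = [], set()
    for url in urls:
        parts = urlsplit(url)
        location = f"{parts.scheme}://{parts.netloc}{parts.path}"
        # keep_blank_values=True so that "q=" (empty value) is still reported
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            key = name.lower()  # parameter names are matched case-insensitively
            risks = RISK_HINTS.get(key)
            if not risks:
                continue  # no heuristic known for this name
            if unique and key in seen:
                continue  # duplicate name, skipped (the idea behind Example 2)
            seen.add(key)
            findings.append({"parameter": name, "risks": risks, "location": location})
    return findings

def param_names(findings):
    """Sorted, de-duplicated parameter names (the idea behind Example 3)."""
    return sorted({f["parameter"].lower() for f in findings})

# Constructed sample URLs on a reserved test domain.
SAMPLE_URLS = [
    "https://app.example.test/demo?url=https%3A%2F%2Fcdn.example.test%2Fa.png",
    "https://app.example.test/view?file=report.pdf&id=7",
    "https://app.example.test/go?URL=/home&next=/dashboard",
    "https://app.example.test/search?q=&lang=en",
]

if __name__ == "__main__":
    for f in classify(SAMPLE_URLS, unique=True):
        print(f"{f['parameter']:<8} {', '.join(f['risks']):<22} {f['location']}")
```

A match only means the parameter name is commonly associated with that class of issue, so each finding is a pointer for manual review of how the value is validated, not a confirmed vulnerability.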