👑Find Parameters

My OneLiner

Configure File Names

cat all_endpoints.txt | gf xss | httpx -mc 200 > xss_parameters.txt && cat all_endpoints.txt | gf sqli | httpx -mc 200 > sqli_parameters.txt && cat all_endpoints.txt | grep "=" | httpx -mc 200 > Fuzz_parameters.txt && cat all_endpoints.txt | grep "utm_" | httpx -mc 200 > utm_parameters.txt && cat Fuzz_parameters.txt xss_parameters.txt sqli_parameters.txt utm_parameters.txt > merged_parameters.txt && cat merged_parameters.txt | kxss && arjun -i active_endpoints.txt -oT active_endpoints_Arjun_result.txt && arjun -i active_ext_endpoints.txt -oT active_ext_endpoints_Arjun_result.txt && arjun -i old_endpoints.txt -oT old_endpoints_Arjun_result.txt && arjun -i old_php_endpoints.txt -oT old_php_endpoints_Arjun_result.txt && arjun -i old_html_endpoints.txt -oT old_html_endpoints_Arjun_result.txt && cat active_endpoints_Arjun_result.txt active_ext_endpoints_Arjun_result.txt old_endpoints_Arjun_result.txt old_php_endpoints_Arjun_result.txt old_html_endpoints_Arjun_result.txt > merged_endpoints_Arjun_result_to_chek_XSS.txt && cat merged_endpoints_Arjun_result_to_chek_XSS.txt | Gxss -c 100 -p asad | grep asad > reflect_parameters.txt && cat merged_endpoints_Arjun_result_to_chek_XSS.txt | kxss > Unfiltered_parameters.txt

My OneLiner for Burp

cat merged_parameters.txt | parallel -j 10 'curl --proxy http://127.0.0.1:8080 -sk {}' >> /dev/null

❗ Important Information

Brute-force parameters recursively. For example:

  • example.com/page? --> valid param "ID" found; next, brute-force params for example.com/page?ID=1 -->

  • then brute-force example.com/page?ID=1&meth... and so on
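
Seen from the server side, recursive parameter brute-forcing shows up as one client sending many distinct parameter names to the same path. The following is an added example, not part of the original notes, that flags that pattern in an access log; the log format, sample lines, function names and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data (documentation IP ranges); not real traffic.
WORDS = ["debug", "admin", "redirect", "callback", "lang", "method"]
SAMPLE_LOG = "\n".join(
    [f'198.51.100.7 - - [01/Jan/2024:10:00:{i:02d} +0000] '
     f'"GET /page?ID=1&{w}=test HTTP/1.1" 200 512'
     for i, w in enumerate(WORDS)]
    + ['203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /page?ID=1 HTTP/1.1" 200 512',
       '203.0.113.9 - - [01/Jan/2024:10:01:05 +0000] '
       '"GET /page?ID=2&utm_source=news HTTP/1.1" 200 512',
       'garbage line that is not a request']
)

# Assumed combined-log-style layout: ip, ident, user, [time], "METHOD target HTTP/x", status
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})'
)

def distinct_params_per_client_path(log_text):
    """Map (client_ip, path) -> set of query parameter names that client sent."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not look like a request
        ip, target, _status = m.groups()
        parts = urlsplit(target)
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            seen[(ip, parts.path)].add(name.lower())
    return seen

def flag_parameter_bruteforce(log_text, threshold=5):
    """Return (ip, path, count) where one client tried >= threshold parameter names.

    The threshold is an assumed starting point; tune it against normal traffic.
    """
    seen = distinct_params_per_client_path(log_text)
    return sorted(
        (ip, path, len(names))
        for (ip, path), names in seen.items()
        if len(names) >= threshold
    )

if __name__ == "__main__":
    for ip, path, count in flag_parameter_bruteforce(SAMPLE_LOG):
        print(f"{ip} tried {count} distinct parameter names on {path}")
```

The whole log is treated as a single time window here; on production logs, bucket by time before counting so that long-lived clients are not flagged.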

Find Hidden Parameters on Login-Register-Logout Pages for XSS

-------------------------------------------------------------

Bruteforce Parameters to hidden_endpoints.txt

arjun -i hidden_endpoints.txt --stable -oT hidden_endpoints_Arjun_result.txt
x8 -u hidden_endpoints.txt -w Parameter.txt -o hidden_endpoints_x8_result.txt
Send Data to Burp_Suite:
cat hidden_endpoints_Arjun_result.txt | parallel -j 10 'curl --proxy http://127.0.0.1:8080 -sk {}' >> /dev/null

ffuf -u https://website.com/?FUZZ=test -w My-Recon-Wordlist/Assetnote-wordlist/parameters-wordlist/httparchive_parameters_top_1m_.txt -mc 200 -p 0.5-0.6

-------------------------------------------------------------

Bruteforce Parameters to active_endpoints.txt

arjun -i active_endpoints.txt --stable -oT active_endpoints_Arjun_result.txt
x8 -u active_endpoints.txt -w Parameter.txt -o active_endpoints_x8_result.txt
Send Data to Burp_Suite:
cat active_endpoints_Arjun_result.txt | parallel -j 10 'curl --proxy http://127.0.0.1:8080 -sk {}' >> /dev/null

ffuf -u https://website.com/?FUZZ=test -w My-Recon-Wordlist/Assetnote-wordlist/parameters-wordlist/httparchive_parameters_top_1m_.txt -mc 200 -p 0.5-0.6

-------------------------------------------------------------

Bruteforce Parameters to old_endpoints.txt

arjun -i old_endpoints.txt --stable -oT old_endpoints_Arjun_result.txt
x8 -u old_endpoints.txt -w Parameter.txt -o old_endpoints_x8_result.txt
Send Data to Burp_Suite:
cat old_endpoints_Arjun_result.txt | parallel -j 10 'curl --proxy http://127.0.0.1:8080 -sk {}' >> /dev/null

ffuf -u https://website.com/?FUZZ=test -w My-Recon-Wordlist/Assetnote-wordlist/parameters-wordlist/httparchive_parameters_top_1m_.txt -mc 200 -p 0.5-0.6

-------------------------------------------------------------

Find Parameters Using Archive URLS

cat all.txt | gf xss | httpx -mc 200 > xss_parameters.txt
cat all.txt | gf sqli | httpx -mc 200 > sqli_parameters.txt
cat all.txt | grep "=" | httpx -mc 200 > Fuzz_parameters.txt
cat all.txt | grep "utm_" | httpx -mc 200 > utm_parameters.txt
Send Data to Burp_Suite:
cat Fuzz_parameters.txt xss_parameters.txt sqli_parameters.txt utm_parameters.txt | parallel -j 10 'curl --proxy http://127.0.0.1:8080 -sk {}' >> /dev/null

-------------------------------------------------------------

Bruteforce Parameters Using xnLinkFinder_endpoints.txt


arjun -i xnLinkFinder_endpoints.txt --stable -oT xnLinkFinder_endpoints_Arjun_result.txt

x8 -u xnLinkFinder_endpoints.txt -w Parameter.txt -o xnLinkFinder_x8_endpoints.txt
Send Data to Burp_Suite:
cat xnLinkFinder_endpoints_Arjun_result.txt | parallel -j 10 'curl --proxy http://127.0.0.1:8080 -sk {}' >> /dev/null
Use Only Specific URL

ffuf -u https://website.com/?FUZZ=test -w My-Recon-Wordlist/Assetnote-wordlist/parameters-wordlist/httparchive_parameters_top_1m_.txt -mc 200 -p 0.5-0.6 -x "http://127.0.0.1:8080"

-------------------------------------------------------------
