Linux command
paramspider 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Find parameters for domain
paramspider -d [example.com]
Exclude specific file extensions
paramspider -d [example.com] --exclude [woff,css,js,png,jpg]
Use custom placeholder for parameter values
paramspider -d [example.com] -p "[FUZZ]"
Set output directory
paramspider -d [example.com] -o [results/]
Spider a list of domains from a file
paramspider -l [domains.txt]
说明
paramspider discovers URL parameters by mining web archives. It queries archive.org's Wayback Machine to find historical URLs with parameters for a target domain. Useful for finding hidden parameters, endpoints, and potential injection points during security testing.
参数
- -d, --domain _domain_
- Target domain.
- -l, --list _file_
- File containing a list of domains.
- -o, --output _dir_
- Output directory (default: ./results).
- --exclude _exts_
- Exclude URLs with specific extensions (comma-separated).
- -p, --placeholder _str_
- Placeholder for parameter values (default: FUZZ).
- --level _level_
- Find nested parameters (e.g., high).
- -q, --quiet
- Quiet mode, suppress URL output to screen.
- -s, --subs
- Include subdomains.
FAQ
What is the paramspider command used for?
paramspider discovers URL parameters by mining web archives. It queries archive.org's Wayback Machine to find historical URLs with parameters for a target domain. Useful for finding hidden parameters, endpoints, and potential injection points during security testing.
How do I run a basic paramspider example?
Run `paramspider -d [example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -d, --domain _domain_ do in paramspider?
Target domain.