gwen001 / offsectools_www

A vast collection of security tools and resources curated by the community.
https://offsec.tools

[addtool] param-miner #253

Closed gwen001 closed 1 year ago

gwen001 commented 1 year ago

[link]https://github.com/PortSwigger/param-miner[/link] [short_descr]Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.[/short_descr] [tags]burpsuite,parameters[/tags] [long_descr]It combines advanced diffing logic from Backslash Powered Scanner with a binary search technique to guess up to 65,000 param names per request. Param names come from a carefully curated built-in wordlist, and it also harvests additional words from all in-scope traffic.

You can also launch guessing attacks on multiple selected requests at the same time - this will use a thread pool so you can safely use it on thousands of requests if you want. Alternatively, you can enable auto-mining of all in-scope traffic.[/long_descr]

gwen001 commented 1 year ago

Issue correctly handled, tool is waiting for human validation.

gwen001 commented 1 year ago

Tool has been accepted: https://offsec.tools/tool/param-miner

Thank you!