[M] ParamsDict and ParamsMask

General description

These modules search for parameters accepted by a target URL. They rely on the page content changing when a parameter the script recognizes is supplied.

Four search methods are currently available: GET, POST, cookies and file uploads. A GET search is a URL request carrying many parameters at once. A POST search works the same way, but the parameters are placed in the request body. The cookie-based method sends requests to the target URL with multiple cookies under different names. The file upload method makes repeated attempts to upload small files to the server under different file field names.

Attention. You can set how many candidate parameters are sent per request with the «--max-params-length» option. This option has two meanings. For GET and POST it is the maximum length of the parameter string, including values and ampersands (a=1&b=1&c=1…). Recommended value: 1000. For cookies and files it sets the number of names checked per request. Recommended value: 20.

By default, «1» is used as the value of every candidate parameter. You can change it with the «--value» option.
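How the two meanings of «--max-params-length» turn a word list into request batches, shown as an added Python example (not WS's own code). The function names are hypothetical, and the POST and COOKIES method labels are assumed by analogy with the GET and FILES values used on this page.

```python
from urllib.parse import urlencode

def batch_by_length(names, value="1", max_length=1000):
    """GET/POST meaning: pack name=value pairs into strings whose total
    length, counting values and '&' separators, stays within max_length."""
    batches, current, length = [], [], 0
    for name in names:
        pair = urlencode({name: value})
        extra = len(pair) + (1 if current else 0)  # +1 for the joining '&'
        if current and length + extra > max_length:
            batches.append("&".join(current))
            current, length = [], 0
            extra = len(pair)
        # A single pair longer than max_length still gets its own batch.
        current.append(pair)
        length += extra
    if current:
        batches.append("&".join(current))
    return batches

def batch_by_count(names, max_count=20):
    """Cookies/files meaning: max_count names are checked per request."""
    if max_count < 1:
        raise ValueError("max_count must be at least 1")
    return [names[i:i + max_count] for i in range(0, len(names), max_count)]

def plan_requests(names, method, value="1", max_params_length=1000):
    """Apply the meaning of the option that matches the search method."""
    method = method.upper()
    if method in ("GET", "POST"):
        return batch_by_length(names, value, max_params_length)
    if method in ("COOKIES", "FILES"):  # labels assumed, see lead-in
        return batch_by_count(names, max_params_length)
    raise ValueError("unknown params method: " + method)

if __name__ == "__main__":
    # Constructed sample dictionary, not taken from bases/demo/dict.txt.
    sample = ["param%d" % i for i in range(200)]
    get_batches = plan_requests(sample, "GET", max_params_length=1000)
    file_batches = plan_requests(sample, "FILES", max_params_length=20)
    print(len(get_batches), "GET requests, longest string:",
          max(len(b) for b in get_batches))
    print(len(file_batches), "upload requests of up to 20 field names")
```

With the same dictionary, the recommended 1000 for GET and 20 for files give very different request counts, which is why the option has to be set per method.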

The modules can search by mask, by dictionary, or by a combination of the two (mask + dict).

The modules work in «raw» and «selenium» modes.

Examples

Parameter search by the GET method (in the URL) using a dictionary:

./ws.py ParamsDict --url http://simple.polygon.web-scout.online/params-bruter-dict-get.php --dict bases/demo/dict.txt --max-params-length 1000 --params-method GET --not-found-re NOT

Parameter search by the GET method (in the URL) using a mask:

./ws.py ParamsMask --url http://simple.polygon.web-scout.online/params-bruter-dict-get.php --mask ?l,1,2 --max-params-length 1000 --params-method GET --not-found-re NOT

Searching for the parameters of a file upload script:

./ws.py ParamsDict --url http://simple.polygon.web-scout.online/params-bruter-dict-files.php --dict bases/demo/dict.txt --max-params-length 10 --params-method FILES --not-found-re NOT

Options (* - required)

R - available in raw mode, S - available in Selenium mode.
