Paramax is a command-line program for analyzing URL parameters. It provides both passive and active modes of operation to help identify potential security vulnerabilities and discover hidden functionality within a target domain.
- Passive mode: Analyzes the target domain by fetching and processing URLs from various aggregators.
- Active mode: Performs active analysis by modifying URL parameters and generating new URLs for testing.
- Support for subdomains: Includes subdomains when fetching URLs from aggregators (optional).
- Exclude specific file extensions from analysis.
- Output results to a file.
- Customizable placeholder string for parameter modification.
- Silent mode: Suppresses printing results to the screen when an output file is specified.
Direct from github with go:
go install github.com/kenjoe41/paramax/...@latest
-
Clone the Paramax repository:
git clone https://github.com/kenjoe41/paramax.git
-
Navigate to the project directory:
cd paramax -
Build the binary using the Go compiler:
go build .
Passive mode (default):
paramax --domain example.com
Active mode:
paramax active --domain example.com
For more options and flags, refer to the command-line help:
paramax --help
I started out and rewrote ParamSpider by 0xAsm0d3us, into Golang. All credit to him.
Contributions are welcome! If you find any bugs or have suggestions for improvements, please submit an issue or create a pull request.
This project is licensed under the MIT License.