Built by baba01hacker
ParamGhost is an advanced parameter discovery and fuzzing tool designed to uncover hidden or unused HTTP parameters by analyzing JavaScript sources and performing response difference correlation.
By analyzing front-end code (such as variables, FormData, and .append calls) and cross-referencing with back-end responses, ParamGhost accurately identifies hidden debugging endpoints, admin flags, and other unexposed parameters.
- JavaScript Parsing: Extracts potential parameters from query strings, JSON keys, and dynamically built forms in
.jsfiles. - Smart Fuzzing: Automatically correlates responses against a pre-established baseline to filter out dynamic content noise (like timestamps or CSRF tokens).
- Concurrency Support: Multi-threaded execution for blazing-fast parameter fuzzing.
- Advanced Networking: Supports proxies, custom headers, cookies, request delays, and automatic retries on rate limits/server errors.
- JSON Output: Export findings neatly to a
.jsonfile for integration into automation pipelines. - Beautiful Output: Professional, colorized terminal UI with progress tracking.
-
Clone the repository:
git clone https://github.com/Baba01hacker666/paramghost.git cd paramghost -
Install dependencies:
pip install -r requirements.txt
If installed via pip:
paramghost -u <target_url> [options]Or run directly from source:
python3 paramghost/main.py -u <target_url> [options]| Flag | Name | Description |
|---|---|---|
-u, --url |
Target URL | The base URL to scan (e.g. http://example.com/app). (Required) |
-w, --workers |
Workers | Number of concurrent workers (default: 10). |
-p, --passive |
Passive Sources | Collect parameters from passive sources (Wayback, OTX, CommonCrawl). |
-t, --timeout |
Timeout | HTTP request timeout in seconds (default: 10). |
-d, --delay |
Delay | Delay between requests in seconds (default: 0). |
-W, --wordlist |
Wordlist | Custom wordlist file containing parameters to fuzz. |
-H, --header |
Header | Custom header (e.g. -H "Authorization: Bearer token"). Can be used multiple times. |
-c, --cookie |
Cookie | Custom cookies (e.g. -c "session=123; user=admin"). |
-x, --proxy |
Proxy | HTTP/HTTPS proxy (e.g. -x http://127.0.0.1:8080). |
--no-redirects |
No Redirects | Disable following HTTP redirects. |
-o, --output |
Output | Output file to save results in JSON format. |
Basic run:
python3 paramghost.py -u https://target.com/Advanced run with authentication, proxy, and JSON export:
python3 paramghost.py -u https://target.com/ \
-H "Authorization: Bearer xyz123" \
-c "session_id=abcdef" \
-x http://127.0.0.1:8080 \
-o results.jsonThis tool is designed for educational and authorized security testing purposes only. Do not use ParamGhost against applications you do not have explicit permission to test.