├── requirements.txt
├── README.md
└── ParamReplace.py


/requirements.txt:
--------------------------------------------------------------------------------
1 | colorama


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # ParamReplace
 2 | 
 3 | ParamReplace is a program for changing the values of query strings in url addresses.You can use this program together with the waybackurls program. this program has been tried only on linux.
 4 | 
 5 | # install
 6 | 
 7 | ```
 8 | git clone https://github.com/Phoenix1112/ParamReplace.git
 9 | 
10 | cd ParamReplace
11 | 
12 | pip3 install -r requirements.txt
13 | 
14 | ```
15 | 
16 | # usage
17 | 
18 | There are 3 different methods in the program(Default method 3). Replaces the default keyword FUZZ with the value. 
19 | 
20 | Example input file: 
21 | 
22 | ```
23 | cat urls.txt
24 | 
25 | https://www.example.com/?id=3
26 | https://www.example.com/?page=1&source=test
27 | https://www.example.com/?path=true&admin=true&id=5
28 | 
29 | ```
30 | 
31 | # replace values with --method 1
32 | 
33 | ```
34 | 
35 | cat urls.txt | python3 ParamReplace.py --stdin --method 1
36 | 
37 | or
38 | 
39 | python3 ParamReplace.py --list urls.txt --method 1
40 | 
41 | 
42 | output:
43 | -------
44 | 
45 | https://www.example.com/?id=FUZZ
46 | https://www.example.com/?page=FUZZ
47 | https://www.example.com/?path=FUZZ
48 | ```
49 | 
50 | # replace values with --method 2
51 | 
52 | ```
53 | 
54 | cat urls.txt | python3 ParamReplace.py --stdin --method 2
55 | 
56 | or
57 | 
58 | python3 ParamReplace.py --list urls.txt --method 2
59 | 
60 | 
61 | output:
62 | -------
63 | 
64 | https://www.example.com/?id=FUZZ
65 | https://www.example.com/?page=FUZZ&source=FUZZ
66 | https://www.example.com/?path=FUZZ&admin=FUZZ&id=FUZZ
67 | 
68 | ```
69 | 
70 | # replace values with --method 3 (This is Default method.. )
71 | 
72 | You do not need to use the --method 3 parameter. Also You can change the FUZZ keyword with the --param parameter.
73 | 
74 | ```
75 | 
76 | cat urls.txt | python3 ParamReplace.py --stdin --param NewKeyword
77 | 
78 | or
79 | 
80 | python3 ParamReplace.py --list urls.txt --param NewKeyword
81 | 
82 | 
83 | output:
84 | -------
85 | 
86 | https://www.example.com/?id=NewKeyword
87 | https://www.example.com/?page=NewKeyword
88 | https://www.example.com/?page=NewKeyword&source=NewKeyword
89 | https://www.example.com/?path=NewKeyword
90 | https://www.example.com/?path=NewKeyword&admin=NewKeyword&id=NewKeyword
91 | 
92 | ```
93 | 


--------------------------------------------------------------------------------
/ParamReplace.py:
--------------------------------------------------------------------------------
  1 | import os
  2 | import re
  3 | import sys
  4 | import argparse
  5 | import urllib.parse
  6 | from colorama import *
  7 | from requests.utils import requote_uri
  8 | 
  9 | 
 10 | class param_replace():
 11 | 
 12 | 	def __init__(self):
 13 | 
 14 | 		init(autoreset=True)
 15 | 
 16 | 		self.total_url = []
 17 | 		self.param_name = "=" + str(args.param)
 18 | 
 19 | 
 20 | 		if args.method == "1" or args.method == "2" or args.method == "3":
 21 | 			pass
 22 | 
 23 | 		else:
 24 | 			print(Fore.MAGENTA+"Wrong Method. You can only Use 1 2 3 For The --method Parameter")
 25 | 
 26 | 			sys.exit()
 27 | 
 28 | 
 29 | 		if args.list and not args.stdin:
 30 | 
 31 | 			if not os.path.exists(args.list):
 32 | 
 33 | 				print(Fore.MAGENTA+f"URL LIST NOT FOUND: {args.list}")
 34 | 
 35 | 				sys.exit()
 36 | 
 37 | 			with open(args.list, "r", encoding="utf-8") as f:
 38 | 
 39 | 				[self.param_change(x) for x in f.read().split("\n") if x and "=" in str(x)]
 40 | 
 41 | 
 42 | 		elif args.stdin and not args.list:
 43 | 
 44 | 			[self.param_change(x) for x in sys.stdin.read().split("\n") if x and "=" in str(x)]
 45 | 
 46 | 		else:
 47 | 
 48 | 			print(Fore.MAGENTA+"WRONG PARAMS..")
 49 | 
 50 | 			sys.exit()
 51 | 
 52 | 
 53 | 	def param_change(self,url):
 54 | 
 55 | 		url = url.replace("=&","=1&")
 56 | 
 57 | 		if url.endswith("="):
 58 | 			url = str(url) + "1"
 59 | 
 60 | 		param_list = []
 61 | 		
 62 | 		parse = list(urllib.parse.parse_qs(url).keys())
 63 | 		
 64 | 		if not parse:
 65 | 			pass
 66 | 		
 67 | 		else:
 68 | 		
 69 | 			alone_param = parse[0] + self.param_name
 70 | 		
 71 | 			for x in parse:
 72 | 				param_list.append(x + self.param_name)
 73 | 
 74 | 			multi_param = ("&").join(param_list)
 75 | 			
 76 | 			if ("https://" in alone_param or "http://" in alone_param) or ("https://" in multi_param or "http://" in multi_param):
 77 | 				self.edit(alone_param,multi_param,url)
 78 | 
 79 | 	def edit(self,alone_param,multi_param,url):
 80 | 
 81 | 		alone_param = requote_uri(alone_param)
 82 | 		multi_param = requote_uri(multi_param)
 83 | 
 84 | 		if args.method == "1":
 85 | 
 86 | 			if not alone_param in self.total_url:
 87 | 
 88 | 				self.total_url.append(alone_param)
 89 | 
 90 | 				if args.output:
 91 | 
 92 | 					self.print_now(alone_param)
 93 | 
 94 | 				print(Fore.MAGENTA+str(alone_param))
 95 | 
 96 | 
 97 | 		elif args.method == "2":
 98 | 
 99 | 			if not multi_param in self.total_url:
100 | 
101 | 				self.total_url.append(multi_param)
102 | 
103 | 				if args.output:
104 | 
105 | 					self.print_now(multi_param)
106 | 
107 | 				print(Fore.MAGENTA+str(multi_param))
108 | 
109 | 		else:
110 | 
111 | 			if "&" in url:
112 | 
113 | 				if not alone_param in self.total_url:
114 | 
115 | 					self.total_url.append(alone_param)
116 | 
117 | 					if args.output:
118 | 
119 | 						self.print_now(alone_param)
120 | 
121 | 					print(Fore.MAGENTA+str(alone_param))
122 | 
123 | 
124 | 				if not multi_param in self.total_url:
125 | 
126 | 					self.total_url.append(multi_param)
127 | 
128 | 					if args.output:
129 | 
130 | 						self.print_now(multi_param)
131 | 
132 | 					print(Fore.MAGENTA+str(multi_param))
133 | 
134 | 			else:
135 | 
136 | 				if not alone_param in self.total_url:
137 | 
138 | 					self.total_url.append(alone_param)
139 | 
140 | 					if args.output:
141 | 
142 | 						self.print_now(alone_param)
143 | 
144 | 					print(Fore.MAGENTA+str(alone_param))
145 | 
146 | 
147 | 	def print_now(self,target_url):
148 | 
149 | 		with open(args.output, "a+", encoding="utf-8") as file:
150 | 
151 | 			file.write(str(target_url) + "\n")
152 | 
153 | 
154 | 
155 | if __name__ == "__main__":
156 | 
157 | 	ap = argparse.ArgumentParser()
158 | 
159 | 	ap.add_argument("-l", "--list", metavar="", required=False, help="READ URLS FROM LIST")
160 | 	ap.add_argument("-s", "--stdin", action="store_true", required=False, help="READ URLS FROM STDIN")
161 | 	ap.add_argument("-m", "--method", default="3", type=str, metavar="", required=False, help="PARAMETER PARSING METHOD(DEFAULT-3)")
162 | 	ap.add_argument("-p", "--param", default="FUZZ", type=str, metavar="", required=False, help="PARAM NAME(DEFAULT-FUZZ)")
163 | 	ap.add_argument("-o", "--output", metavar="", required=False, help="Save Output")
164 | 
165 | 	args = ap.parse_args()
166 | 
167 | 	start_replace = param_replace()
168 | 


--------------------------------------------------------------------------------