├── .github ├── FUNDING.yml ├── image.jpg ├── image.png ├── linux.jpg ├── support.svg └── windows.png ├── LICENSE ├── README.md └── bhedak.py /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | ko_fi: r0x4r -------------------------------------------------------------------------------- /.github/image.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/R0X4R/bhedak/97fb0ebed42f66e3d3e6ccdf457ec4d50c39faab/.github/image.jpg -------------------------------------------------------------------------------- /.github/image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/R0X4R/bhedak/97fb0ebed42f66e3d3e6ccdf457ec4d50c39faab/.github/image.png -------------------------------------------------------------------------------- /.github/linux.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/R0X4R/bhedak/97fb0ebed42f66e3d3e6ccdf457ec4d50c39faab/.github/linux.jpg -------------------------------------------------------------------------------- /.github/support.svg: -------------------------------------------------------------------------------- 1 | 2 | New Project 3 | 4 | 5 | 6 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.github/windows.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/R0X4R/bhedak/97fb0ebed42f66e3d3e6ccdf457ec4d50c39faab/.github/windows.png -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 R0X4R 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |

4 |

5 | Bhedak 6 |

7 | 8 | A replacement of [`qsreplace`](https://github.com/tomnomnom/qsreplace), accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every `OS`. Made with `python`
9 | 10 |

Installation


11 | 12 | ```sh 13 | $ pip3 install bhedak 14 | ``` 15 | 16 | 17 | ```sh 18 | $ wget -O bhedak https://raw.githubusercontent.com/R0X4R/bhedak/main/bhedak.py -q && chmod +x bhedak && mv bhedak /usr/bin/ 19 | ``` 20 | 21 |

Usage


22 | 23 | - **For `linux`, `unix` and `debian` based systems** 24 | 25 | ![linux](.github/linux.jpg) 26 | 27 | ```sh 28 | $ waybackurls target.tld | bhedak "payload" 29 | ``` 30 | 31 | - **For `windows` based systems** 32 | 33 | ![windows](.github/windows.png) 34 | 35 | ```sh 36 | cmd> type urls.txt | python bhedak.py "payload" 37 | ``` 38 | 39 | - **If no `payload` passed** 40 | 41 | ```console 42 | $ waybackurls subdomain.target.tld | bhedak 43 | 44 | http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ 45 | http://subdomain.target.tld/disclaimer.php=FUZZ 46 | http://subdomain.target.tld/hpp/index.php?pp=FUZZ 47 | http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ 48 | ``` 49 | 50 | - **Example input file** 51 | 52 | ```console 53 | $ waybackurls subdomain.target.tld | tee -a urls 54 | 55 | http://subdomain.target.tld/comment.php?pid=username&user=1 56 | http://subdomain.target.tld/disclaimer.php=1 57 | http://subdomain.target.tld/hpp/index.php?pp=12 58 | http://subdomain.target.tld/hpp/?pp=12&user=5 59 | ``` 60 | 61 | - **Replace query string values** 62 | 63 | ```console 64 | $ cat urls | bhedak "FUZZ" 65 | 66 | http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ 67 | http://subdomain.target.tld/disclaimer.php=FUZZ 68 | http://subdomain.target.tld/hpp/index.php?pp=FUZZ 69 | http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ 70 | ``` 71 | 72 | - **Replace query string with custom payloads** 73 | 74 | ```console 75 | $ cat urls | bhedak "\">*'/---+{{7*7}}" 76 | 77 | http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D 78 | http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D 79 | http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D 80 | http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D 81 | ``` 82 | - **Remove duplicate urls** 83 | 84 | ```console 85 | $ cat urls | bhedak "FUZZ" | sort -u 86 | 87 | http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ 88 | http://subdomain.target.tld/disclaimer.php=FUZZ 89 | http://subdomain.target.tld/hpp/index.php?pp=FUZZ 90 | http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ 91 | ``` 92 | - **Comparsion** 93 | 94 | 95 |

96 | 97 | 98 | ```console 99 | $ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ" 100 | http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ 101 | 102 | $ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | bhedak "FUZZ" 103 | http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ?hardwareid=FUZZ&tarifid=FUZZ 104 | ``` 105 | 106 |

Donate

107 | If this tool helped you or you like my work
108 | 109 |


110 | 111 | --- 112 | 113 | Thanks to [`@tomnomnom`](https://github.com/tomnomnom) for making an amazing tool called [`qsreplace`](https://github.com/tomnomnom/qsreplace), from using [`qsreplace`](https://github.com/tomnomnom/qsreplace) I got idea to make [`bhedak`](https://github.com/R0X4R/bhedak) 114 | -------------------------------------------------------------------------------- /bhedak.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | ''' 3 | Author: R0X4R (Eshan Singh) 4 | Version: 2.0.0 5 | ''' 6 | import re 7 | import urllib.parse as ul 8 | from sys import stdin, stdout, argv, exit 9 | 10 | #@> TAKE INPUT FROM USER AS "sys.argv[1]"", ELSE IT WILL USE "FUZZ" AS THE VALUE 11 | try: 12 | encoded = ul.quote(str(argv[1]), safe='') 13 | except IndexError: 14 | encoded = ul.quote("FUZZ", safe='') 15 | 16 | #@> READ URLs AS STDIN AND USE REGEX TO FILTER AND REPLACE 17 | try: 18 | for url in stdin.readlines(): 19 | domain = str(url.strip()) 20 | stdout.write(re.sub(r"=[^?\|&]*", '=' + str(encoded), str(domain)) + '\n') 21 | except KeyboardInterrupt: 22 | exit(0) 23 | except: 24 | exit(127) --------------------------------------------------------------------------------