Download
ParamSpider is an open source command-line tool designed to discover URLs that contain parameters by mining historical data from web archives such as the Wayback Machine. It helps security researchers, penetration testers, and bug bounty hunters collect potential attack surfaces by automatically gathering archived URLs related to a specific domain. Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance.
Features
- Extracts URLs associated with a target domain from web archive sources
- Filters results to focus specifically on URLs containing parameters
- Supports scanning a single domain or multiple domains from a file
- Replaces parameter values with customizable placeholders for fuzzing
- Streams discovered URLs directly to the terminal during execution
- Supports proxy configuration for routing requests through a proxy
Project Samples
