Sunday, 12 August 2018

Aron - A simple GO script for finding hidden GET & POST parameters with Brute-force


Installation
GET BRUTEFORCE:
   go run aron.go -url http://www.test.com/index.php -get
   go run aron.go -url http://www.test.com/index.php<[?|id=1|id=1&]> -get
   go run aron.go -url http://www.test.com/index.php<[?|id=1|id=1&]> -get -wordlist my_wordlist.txt

   <[?|id=1|id=1&]> => Possible end URL

   OR Note: in this case aron need the wordlist path
      aron -url http://www.test.com/index.php -get -wordlist path/wordlist.txt
      aron -url http://www.test.com/index.php<[?|id=1|id=1&]> -get -wordlist path/wordlist.txt

POST BRUTEFORCE:
   go run aron.go -url http://www.test.com/index.php -post
   go run aron.go -url http://www.test.com/index.php<[?id=1]> -post
   go run aron.go -url http://www.test.com/index.php<[?id=1]> -post -data "user=1"
   go run aron.go -url http://www.test.com/index.php<[?id=1]> -post -data "user=1" -wordlist my_wordlist

   OR Note: in this case aron need the wordlist path
      aron -url http://www.test.com/index.php -post -wordlist path/wordlist.txt
      aron -url http://www.test.com/index.php<[?id=1]> -post -data "user=1" -wordlist path/wordlist.txt
By at
Labels:forex, iqoption, pubg Hacked

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)