Recon Tool: qsreplace
When you are performing bug bounty or penetration testing focused on web apps, you need speed. It's crucial to optimize your workflow so that you can focus on the outcome. qsreplace by Tomnomnom is a tool that accepts URLs on stdin, replaces all query string values with a user-supplied value, and only outputs each combination of query string parameters once per host and path.
Let's say you have prepared a file full of URLs with parameters and want to perform injection-based attacks (SQLi, XSS or any other type). You have thousands of URLs and want to change all of the parameter values into the word 'FUZZ', marking the point where fuzzing will take place. This tool does it in less than a second, so the workflow speeds up and you can focus on the attack without sacrificing the quality of the recon work you do.
Usage
Example input file:
▶ cat urls.txt
https://example.com/path?one=1&two=2
https://example.com/path?two=2&one=1
https://example.com/pathtwo?two=2&one=1
https://example.net/a/path?two=2&one=1
Replace Query String Values
▶ cat urls.txt | qsreplace newval
https://example.com/path?one=newval&two=newval
https://example.com/pathtwo?one=newval&two=newval
https://example.net/a/path?one=newval&two=newval
Append to Query String Values
▶ cat urls.txt | qsreplace -a newval
https://example.com/path?one=1newval&two=2newval
https://example.com/pathtwo?one=1newval&two=2newval
https://example.net/a/path?one=1newval&two=2newval
Remove Duplicate URL and Parameter Combinations
You can omit the argument to -a to only output each combination of URL and query string parameters once:
▶ cat urls.txt | qsreplace -a
https://example.com/path?one=1&two=2
https://example.com/pathtwo?one=1&two=2
https://example.net/a/path?one=1&two=2
Install
With Go:
▶ go install github.com/tomnomnom/qsreplace@latest
Or download a release and put it somewhere in your $PATH (e.g. in /usr/local/bin).