Recon Tool: qsreplace

by | May 26, 2022 | Tools

When you are doing bug bounty work or penetration testing focused on web apps, you need speed. It's crucial to optimize your workflow so that you can focus on the outcome. qsreplace by Tomnomnom is a tool that accepts URLs on stdin, replaces all query string values with a user-supplied value, and outputs each combination of query string parameters only once per host and path.

Let's say you have prepared a file full of URLs with parameters and you want to perform injection-based attacks (SQLi, XSS, or any other type). You have thousands of URLs and want to change all of the parameter values to the word 'FUZZ', marking the point where fuzzing will take place. This tool does it in less than a second. That is how it enhances the workflow: you can focus on the attack without sacrificing the quality of the recon work you do.

Usage

Example input file:

▶ cat urls.txt
https://example.com/path?one=1&two=2
https://example.com/path?two=2&one=1
https://example.com/pathtwo?two=2&one=1
https://example.net/a/path?two=2&one=1

Replace Query String Values

▶ cat urls.txt | qsreplace newval
https://example.com/path?one=newval&two=newval
https://example.com/pathtwo?one=newval&two=newval
https://example.net/a/path?one=newval&two=newval

Append to Query String Values

▶ cat urls.txt | qsreplace -a newval
https://example.com/path?one=1newval&two=2newval
https://example.com/pathtwo?one=1newval&two=2newval
https://example.net/a/path?one=1newval&two=2newval

Remove Duplicate URL and Parameter Combinations

You can omit the argument to -a to only output each combination of URL and query string parameters once:

▶ cat urls.txt | qsreplace -a
https://example.com/path?one=1&two=2
https://example.com/pathtwo?one=1&two=2
https://example.net/a/path?one=1&two=2
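
The rule behind the three outputs above (one line per host, path and set of parameter names, whatever order the parameters arrive in) fits in a short Go function. This is an added sketch, not qsreplace's own source; `Rewrite` is a hypothetical helper name and the sample input is taken from the urls.txt shown on this page.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Rewrite (hypothetical helper, not qsreplace code) sets every query value to
// val, or appends val when appendMode is true, and returns each
// host + path + parameter-name combination only once.
func Rewrite(lines []string, val string, appendMode bool) []string {
	seen := make(map[string]bool)
	var out []string
	for _, line := range lines {
		u, err := url.Parse(strings.TrimSpace(line))
		if err != nil || u.Host == "" {
			continue // skip blank or unparsable lines
		}
		q := u.Query()
		names := make([]string, 0, len(q))
		for name := range q {
			names = append(names, name)
		}
		sort.Strings(names) // parameter order must not change the key
		key := u.Host + u.EscapedPath() + "?" + strings.Join(names, "&")
		if seen[key] {
			continue // same host, path and parameter names already emitted
		}
		seen[key] = true
		for _, name := range names {
			if appendMode {
				q.Set(name, q.Get(name)+val)
			} else {
				q.Set(name, val)
			}
		}
		u.RawQuery = q.Encode() // sorts by name and percent-encodes values
		out = append(out, u.String())
	}
	return out
}

func main() {
	// Constructed input: two of the urls.txt lines shown on this page.
	in := []string{"https://example.com/path?one=1&two=2", "https://example.com/path?two=2&one=1"}
	fmt.Println(strings.Join(Rewrite(in, "newval", false), "\n"))
}
```

Because the key is built from sorted parameter names only, `?one=1&two=2` and `?two=2&one=1` collapse into one line, while a URL with a different path or an extra parameter is kept.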

 

Install

With Go:

▶ go install github.com/tomnomnom/qsreplace@latest

Or download a release and put it somewhere in your $PATH (e.g. in /usr/local/bin).

 
