Next-Gen Asynchronous Web Fuzzer & Vulnerability Scanner

> Advanced offensive security tool featuring a C2-style TUI dashboard, heuristic crawling, and canary-based payload detection.
This version is a complete rewrite of the core engine, moving away from a tool wrapper to a standalone, high-performance Python scanner.
- Real-time TUI (Text User Interface): Interactive dashboard built with `Rich`.
- Split-View Layout: Monitor request logs, crawl progress, and vulnerability findings simultaneously.
- Live Statistics: Track endpoints discovered vs. vulnerabilities found in real time.
- False Positive Reduction: Implemented Canary Tokens for XSS (randomized IDs injected and verified in reflection).
- Expanded Attack Vectors:
  - SQL Injection: Error-based detection.
  - Reflected XSS: Context-aware canary injection.
  - LFI (Local File Inclusion): Regex-based detection for `/etc/passwd`, `win.ini`, etc.
  - SSTI (Server-Side Template Injection): Mathematical evaluation checks (`{{7*7}}` -> `49`).
  - Open Redirect: Header analysis and heuristic parameter detection.
- Hybrid Extraction: Parses both HTML Links (`<a>`) and Forms (`<form>`).
- Sensitive File Hunter: Automatically checks for accidental exposures like `.env`, `.git/HEAD`, `backup.zip`.
- Smart Scope: Strictly adheres to the target domain to prevent scope creep.
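
The Hybrid Extraction and Smart Scope items above, sketched as an added example (not ParamHunter-Pro's own code): it collects `<a>` and `<form>` targets from a page and keeps only those on the target host. The exact-host policy, all names, and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkFormExtractor(HTMLParser):
    """Collect <a href> and <form action> targets as absolute URLs."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []  # list of (kind, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.found.append(("link", urljoin(self.base_url, attrs["href"])))
        elif tag == "form":
            # A form without an action submits to the page it sits on.
            action = attrs.get("action") or ""
            self.found.append(("form", urljoin(self.base_url, action)))


def in_scope(url, target_host):
    """True only for http(s) URLs whose host is exactly target_host (assumed policy)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port and lowercases the host, so
    # "example.test@evil.test" and "example.test.evil.test" do not match.
    return parts.hostname == target_host.lower()


def extract_in_scope(html, base_url):
    """Return (kind, url) pairs from html that stay on base_url's host."""
    target_host = urlsplit(base_url).hostname
    parser = LinkFormExtractor(base_url)
    parser.feed(html)
    return [(kind, url) for kind, url in parser.found if in_scope(url, target_host)]


# Constructed sample page, not output from any real site.
BASE = "https://example.test/app/index.html"
SAMPLE = """
<a href="/search?q=1">same host</a>
<a href="https://example.test.evil.test/x">lookalike suffix</a>
<a href="https://example.test@evil.test/y">userinfo trick</a>
<a href="//cdn.other.test/lib.js">protocol-relative</a>
<a href="mailto:admin@example.test">mail</a>
<form action="login.php" method="post"></form>
<form method="get"></form>
"""
```

A substring or `endswith` comparison on the raw URL would accept the lookalike and userinfo cases; comparing the parsed hostname is what keeps the crawl inside the authorized target.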
```bash
git clone https://github.com/m2hcz/ParamHunter-Pro.git
cd ParamHunter-Pro
```