Skip to content

Commit 8c43c94

Browse files
R0X4RR0X4R
committed
bhedak intial-commit
A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Only for linux, unix and debian based systems.
0 parents  commit 8c43c94

File tree

5 files changed

+115
-0
lines changed

5 files changed

+115
-0
lines changed

.github/FUNDING.yml

+2
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
# These are supported funding model platforms
2+
ko_fi: r0x4r

.github/support.svg

+13
Loading

LICENSE

+21
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2021 R0X4R
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

README.md

+68
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
<h2><b>Bhedak</b></h2>
2+
3+
---
4+
5+
A replacement of [`qsreplace`](https://github.com/tomnomnom/qsreplace), accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Only for `linux`, `unix` and `debian` based systems.<br/>
6+
7+
<h3><b>Installation</b></h3><br/>
8+
9+
```css
10+
$root:~ sudo apt install python3 python3-pip
11+
$root:~ wget https://raw.githubusercontent.com/ROX4R/bhedak/main/bhedak && chmod +x bhedak && mv bhedak /usr/bin/
12+
```
13+
14+
<h3><b>Usage</b></h3><br/>
15+
16+
- **Example input file**
17+
18+
```bash
19+
$ waybackurls subdomain.target.tld | tee -a urls
20+
21+
http://subdomain.target.tld/comment.php?pid=username&user=1
22+
http://subdomain.target.tld/disclaimer.php=1
23+
http://subdomain.target.tld/hpp/index.php?pp=12
24+
http://subdomain.target.tld/hpp/?pp=12&user=5
25+
```
26+
27+
- **Replace query string values**
28+
29+
```bash
30+
$ cat urls | bhedak "FUZZ"
31+
32+
http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
33+
http://subdomain.target.tld/disclaimer.php=FUZZ
34+
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
35+
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
36+
```
37+
38+
- **Replace query string with custom payloads**
39+
40+
```bash
41+
$ cat urls | bhedak "\"><svg/onload=alert(1)>*'/---+{{7*7}}"
42+
43+
http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
44+
45+
http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
46+
47+
http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
48+
49+
http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
50+
```
51+
- **Remove duplicate urls**
52+
53+
```bash
54+
$ cat urls | bhedak "FUZZ" | sort -u
55+
56+
http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
57+
http://subdomain.target.tld/disclaimer.php=FUZZ
58+
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
59+
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ
60+
```
61+
62+
<h3><b>Donate</b></h3>
63+
If this tool helped you or you like my work<br/>
64+
65+
</br><a href="https://ko-fi.com/i/IK3K34SJSA"><img src="https://ko-fi.com/img/githubbutton_sm.svg"></a> <a href="https://rzp.io/l/pQny7s0n"><img src=".github/support.svg" width="200"></a><br/><br/>
66+
67+
68+
Thanks to [`@tomnomnom`](https://github.com/tomnomnom) for making this an amazing tool called [`qsreplace`](https://github.com/tomnomnom/qsreplace), from using [`qsreplace`](https://github.com/tomnomnom/qsreplace) I got idea to make `bhedak`

bhedak

+11
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
#!/usr/bin/env bash
2+
# bhedak v1.0
3+
# A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout
4+
# Author: R0X4R (twitter.com/R0X4R)
5+
6+
urEncode=$(python3 -c "import urllib.parse as ul, sys; print(ul.quote(sys.argv[1], safe=''))" $1)
7+
# echo -e "$urEncode"
8+
9+
while read line; do
10+
echo -e "$line" | sed -e "s!=[^&]*!=$urEncode!g"
11+
done < /dev/stdin

0 commit comments

Comments
 (0)