ParamSpider Cheat Sheet
Mines archived URLs to extract unique parameters for a domain from web archives.
Overview
ParamSpider pulls historical URLs from web archives and extracts query parameters, producing wordlists for fuzzing and XSS/SQLi testing on authorized domains.
Authorized testing only. Use only on systems, networks, and accounts you own or have explicit written permission to test. Unauthorized access is illegal.
Install
git clone https://github.com/0xKayala/ParamSpider.git
cd ParamSpider && pip install -r requirements.txt
Essential commands
Extract parameters for domain
paramspider -d target.example
Exclude extensions
paramspider -d target.example --exclude png,jpg,gif,css,js
Common workflows
Build parameter wordlist for fuzzing:
paramspider -d target.example -o parameters.txt
sort -u parameters.txt > params_unique.txt
The output lines are full URLs with each value replaced by a placeholder (FUZZ by default), so sort -u deduplicates URLs; pull the names out of the query strings if you want a bare parameter wordlist.
Combine with httpx and dalfox:
paramspider -d target.example -o urls_with_params.txt
cat urls_with_params.txt | httpx -silent | dalfox pipe
Subdomain scope (include subdomains in the archive query; level syntax varies by version):
paramspider -d target.example --level high
Flags reference
| Flag | Meaning |
|---|---|
| -d DOMAIN | Target domain |
| -l, --level | Level / depth in the original script (tool-specific); in the later rewrite -l takes a file of domains instead |
| -o FILE | Output file |
| --exclude | Comma-separated extensions to skip |
| --placeholder | Replace parameter values with a placeholder (default FUZZ) |
| -q | Quiet mode |
Flag names changed between the original script and the 2023 rewrite; confirm with paramspider -h (or python3 paramspider.py -h) on the version you installed before copying a command from this sheet.
Tips
- Archive data may include stale endpoints—verify hosts still resolve and are in scope.
- Deduplicate parameters before Intruder/sqlmap to save requests.
- Pair with waybackurls/gau for broader URL collection, then ParamSpider for param extraction.
- Respect rate limits when fetching archive APIs.
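The "build a parameter wordlist" workflow and the first two tips (verify hosts, deduplicate parameters) are the same post-processing job, so here is one added shell example that does both. It is not ParamSpider's own code: SAMPLE_URLS is constructed data shaped like ParamSpider output (values already replaced with FUZZ), and drop_static, hosts and param_names are helper names chosen for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of ParamSpider: post-process a ParamSpider-style URL
# list (values already replaced with a placeholder such as FUZZ) into
#   1. a list of distinct hosts to confirm resolution and scope, and
#   2. a deduplicated list of bare parameter names for fuzzing.
# SAMPLE_URLS is constructed test data; in practice feed the -o output file.
SAMPLE_URLS='https://target.example/search?q=FUZZ&page=FUZZ
https://target.example/item?id=FUZZ
https://shop.target.example/cart?id=FUZZ&coupon=FUZZ
https://target.example/assets/app.js?v=FUZZ
https://target.example/login?redirect=FUZZ#frag
https://target.example/noparams'

# drop_static: discard URLs whose path (before any ?) ends in a static-asset
# extension; same idea as --exclude, applied after the fact.
drop_static() {
  grep -Eiv '^[^?]*\.(png|jpe?g|gif|css|js|svg|woff2?|ico)(\?|$)'
}

# hosts: distinct hostnames in the list, for a resolve/scope check
# (pipe into dnsx or httpx, or diff against the authorised scope file).
hosts() {
  sed -E 's#^[a-zA-Z][a-zA-Z0-9+.-]*://([^/?:]+).*#\1#' | sort -u
}

# param_names: one parameter name per line, deduplicated, taken from the
# query string of each URL. URLs without a query string are skipped.
param_names() {
  awk '
    {
      sub(/#.*$/, "")                   # strip fragment
      qpos = index($0, "?")
      if (qpos == 0) next               # no query string
      n = split(substr($0, qpos + 1), pairs, "&")
      for (i = 1; i <= n; i++) {
        eq = index(pairs[i], "=")
        name = (eq == 0) ? pairs[i] : substr(pairs[i], 1, eq - 1)
        if (name != "") print name
      }
    }' | sort -u
}

# Usage: printf '%s\n' "$SAMPLE_URLS" | drop_static | param_names > params_unique.txt
printf '%s\n' "$SAMPLE_URLS" | hosts
printf '%s\n' "$SAMPLE_URLS" | drop_static | param_names
```

On the sample data this yields two hosts (shop.target.example, target.example) and five names (coupon, id, page, q, redirect); the app.js line is dropped before name extraction. Run the hosts list through your resolver or scope file first, then hand the names to Intruder or sqlmap, so stale archive entries cost no requests.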