ParamSpider
Passive parameter extraction from web archives
Recon & OSINT8 commands
#passive#recon#parameters#wayback#archives
Installation
1Clone from GitHub
2Install Python dependencies
3Verify installation
# Clone repository
git clone https://github.com/devanshbatham/ParamSpider.git
cd ParamSpider
pip install -r requirements.txt
# Verify
python3 paramspider -hBasic Usage
Extract URLs with parameters from Wayback Machine and Common Crawl
# Basic domain scan
python3 paramspider -d site.com
# Save with FUZZ placeholder
python3 paramspider -d site.com -p "FUZZ=value"
# Set depth
python3 paramspider -d site.com -l 2
# Filter by vulnerability type
python3 paramspider -d site.com | grep xss > xss.txt
# Save to file
python3 paramspider -d site.com -o output.txtCommand Reference
8 commands
1Target domain
-d2Output pattern with FUZZ placeholder
-p3Search depth (levels)
-l4Output file
-o5Search in Google instead of Wayback
-s6Search engine (baidu, bing, etc.)
-b7Include all subdomains
-a8Quiet mode
-qWhen to Use
1
Initial reconnaissance on new targets2
Discovering hidden parameters without touching the target3
Collecting URLs before deep testing4
Quick parameter discovery from historical data5
Before using Arjun or ffuf for deeper testingNotes & Tips
1
Works passively — no direct interaction with target2
Uses Wayback Machine and Common Crawl as data sources3
Excellent for gathering initial data before active testing4
Results may contain outdated or invalid URLs5
Can be combined with Arjun for comprehensive coverage6
Very fast compared to interactive tools7
Does not work on domains without archived dataCommon Errors & Solutions
No results found
Target may have no archived data. Try Google source (-s) or different domain
Rate limiting from Wayback Machine
Add delay between requests or reduce depth
ModuleNotFoundError
Install requirements: pip install -r requirements.txt
SSL Certificate errors
Update requests library or use --no-check-certificate