A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

Related tags

Miscellaneousregexpython3sedbugbountybash-scriptpython-regex
Overview

Bhedak

A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every OS. Made with python

Installation


$ wget -O bhedak https://raw.githubusercontent.com/R0X4R/bhedak/main/bhedak.py -q && chmod +x bhedak && mv bhedak /usr/bin/

Usage


  • For linux, unix and debian based systems

    linux

    $ waybackurls target.tld | bhedak "payload"

  • For windows based systems

    windows

    cmd> type urls.txt | python bhedak.py "payload"

  • If no payload passed

    $ waybackurls subdomain.target.tld | bhedak

http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ

  • Example input file

    $ waybackurls subdomain.target.tld | tee -a urls

http://subdomain.target.tld/comment.php?pid=username&user=1
http://subdomain.target.tld/disclaimer.php=1
http://subdomain.target.tld/hpp/index.php?pp=12
http://subdomain.target.tld/hpp/?pp=12&user=5

  • Replace query string values

    $ cat urls | bhedak "FUZZ"

http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ

  • Replace query string with custom payloads

    *'/---+{{7*7}}" http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D"> 
    $ cat urls | bhedak "\">
      
      
       
       *'/---+{{7*7}}"
      
      

http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D
http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D

  • Remove duplicate urls

    $ cat urls | bhedak "FUZZ" | sort -u

http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ
http://subdomain.target.tld/disclaimer.php=FUZZ
http://subdomain.target.tld/hpp/index.php?pp=FUZZ
http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ

  • Comparsion



    $ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ"
http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ

$ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | bhedak "FUZZ"
http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ?hardwareid=FUZZ&tarifid=FUZZ

Donate

If this tool helped you or you like my work




Thanks to @tomnomnom for making an amazing tool called qsreplace, from using qsreplace I got idea to make bhedak

You might also like...
Appointment Tracker that allows user to input client information and update if needed.

Appointment-Tracker Appointment Tracker allows an assigned admin to input client information regarding their appointment and their appointment time. T

IS Coding @ KSU 1 Nov 30, 2021
A simple calculator that can add, subtract, multiply or divide depending upon the input from the user

Calculator A simple calculator that can add, subtract, multiply or divide depending upon the input from the user. In this example, we should have the

Jayesh Mali 1 Dec 27, 2021
We want to check several batch of web URLs (1~100 K) and find the phishing website/URL among them.
We want to check several batch of web URLs (1~100 K) and find the phishing website/URL among them.

We want to check several batch of web URLs (1~100 K) and find the phishing website/URL among them. This module is designed to do the URL/web attestation by using the API from NUS-Phishperida-Project.

null 3 Dec 28, 2022
Import modules and files straight from URLs.

Import Python code from modules straight from the internet.

Nate 2 Jan 15, 2022
Python screenshot library, replacement for the Pillow ImageGrab module on Linux.

tldr: Use Pillow The pyscreenshot module is obsolete in most cases. It was created because PIL ImageGrab module worked on Windows only, but now Linux

null 455 Dec 24, 2022
Insert a Spotify Playlist, Get a list of YouTube URLs from it.

spotbee This is a module that spits out YouTube URLs from Spotify Playlist URLs Why use this? It is asynchronous which makes it compatible to use with

Nishant Sapkota 10 Apr 6, 2022
šŸ”© Like builtins, but boltons. 250+ constructs, recipes, and snippets which extend (and rely on nothing but) the Python standard library. Nothing like Michael Bolton.

Boltons boltons should be builtins. Boltons is a set of over 230 BSD-licensed, pure-Python utilities in the same spirit as ā€” and yet conspicuously mis

Mahmoud Hashemi 6k Jan 6, 2023
šŸ”© Like builtins, but boltons. 250+ constructs, recipes, and snippets which extend (and rely on nothing but) the Python standard library. Nothing like Michael Bolton.

Boltons boltons should be builtins. Boltons is a set of over 230 BSD-licensed, pure-Python utilities in the same spirit as ā€” and yet conspicuously mis

Mahmoud Hashemi 5.4k Feb 20, 2021
Modeval (or Modular Eval) is a modular and secure string evaluation library that can be used to create custom parsers or interpreters.
Modeval (or Modular Eval) is a modular and secure string evaluation library that can be used to create custom parsers or interpreters.

modeval Modeval (or Modular Eval) is a modular and secure string evaluation library that can be used to create custom parsers or interpreters. Basic U

null 2 Jan 1, 2022
Releases(v2.0.0)

  • v2.0.0(Dec 12, 2021)

    A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every OS. Made with python

    What's Changed

    • Update to v2.0.0 by @R0X4R in https://github.com/R0X4R/bhedak/pull/1
    • fixed some-issues by @R0X4R in https://github.com/R0X4R/bhedak/pull/3

    New Contributors

    • @R0X4R made their first contribution in https://github.com/R0X4R/bhedak/pull/1

    Full Changelog: https://github.com/R0X4R/bhedak/compare/v1.0...v2.0.0

    Source code(tar.gz)
    Source code(zip)
    bhedak_x86_64_linux(1.69 MB)
    bhedak_x86_64_windows.exe(1.97 MB)

  • v1.0(Nov 23, 2021)

    A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Only for linux, unix and debian based systems.

    Source code(tar.gz)
    Source code(zip)
Owner
Eshan Singh
Hi.. I'm that hacker teenager that your friends told you about. I hack to make system secure. Hacker - Developer - Influencer - Graphics Designer
Eshan Singh
GitHub Repository
A common, beautiful interface to tabular data, no matter the format

rows No matter in which format your tabular data is: rows will import it, automatically detect types and give you high-level Python objects so you can

Ɓlvaro Justen 834 Jan 03, 2023
apysc is the Python frontend library to create html and js file, that has ActionScript 3 (as3)-like interface.

apysc apysc is the Python frontend library to create HTML and js files, that has ActionScript 3 (as3)-like interface. Notes: Currently developing and

simonritchie 17 Dec 14, 2022
A Python feed reader library.

reader is a Python feed reader library. It aims to allow writing feed reader applications without any business code, and without enforcing a dependenc

266 Dec 30, 2022
200 LeetCode problems

LeetCode I classify 200 leetcode problems into some categories and upload my code to who concern WEEK 1 # Title Difficulty Array 15 3Sum Medium 1324 P

Hoang Cao Bao 108 Dec 08, 2022
The bidirectional mapping library for Python.

bidict The bidirectional mapping library for Python. Status bidict: has been used for many years by several teams at Google, Venmo, CERN, Bank of Amer

Joshua Bronson 1.2k Dec 31, 2022
This program is meant to take the pain out of generating nice bash PS1 prompts.

TOC PS1 Installation / Quickstart License Other Docs Examples PS1 Command Help PS1 ā†‘ This program is meant to take the pain out of generating nice bas

Steven Hollingsworth 6 Jun 19, 2022
Learn Python tips, tools, and techniques in around 5 minutes each.

Python shorts Learn Python tips, tools, and techniques in around 5 minutes each. Watch on YouTube Subscribe on YouTube to keep up with all the videos.

Michael Kennedy 28 Jan 01, 2023
Control your gtps with gtps-tools!

Note Please give credit to me! Do not try to sell this app, because this app is 100% open source! Do not try to reupload and rename the creator app! S

Jesen N 6 Feb 16, 2022
A minimalist starknet amm adapted from StarkWare's amm.

viscus ā€¢ A minimalist starknet amm adapted from StarkWare's amm. Directory Structure contracts

Alucard 4 Dec 27, 2021
TriOTP, the OTP framework for Python Trio

TriOTP, the OTP framework for Python Trio See documentation for more informations. Introduction This project is a simplified implementation of the Erl

David Delassus 7 Nov 21, 2022
A simple API to upload notes or files to KBFS

This API can be used to upload either secure notes or files to a secure KeybaseFS folder.

Dakota Brown 1 Oct 08, 2021
A short course on Julia and open-source software development

Advanced Scientific Computing: producing better code This course is taught as a 6-session "nanocourse" at Washington University in St. Louis. See the

Tim Holy 230 Jan 07, 2023
Convert-Decimal-to-Binary-Octal-and-Hexadecimal

Convert-Decimal-to-Binary-Octal-and-Hexadecimal We have a number in a decimal number, and we have to convert it into a binary, octal, and hexadecimal

Maanyu M 2 Oct 08, 2021
Swubcase - The shitty programming language

What is Swubcase? Swubcase is easy-to-use programming language that can fuck you

5 Jun 19, 2022
Python script to commit to your github for a perfect commit streak. This is purely for education purposes, please don't use this script to do bad stuff.

Daily-Git-Commit Commit to repo every day for the perfect commit streak Requirments pip install -r requirements.txt Setup Download this repository. Cr

JareBear 34 Dec 14, 2022
Desenvolvendo as habilidades bĆ”sicas de programaĆ§Ć£o visando a construĆ§Ć£o de aplicativos por meio de bibliotecas apropriadas Ć  CiĆŖncia de Dados.

Algoritmos e IntroduĆ§Ć£o Ć  ComputaĆ§Ć£o Ementa: Conceitos bĆ”sicos sobre algoritmos e mĆ©todos para sua construĆ§Ć£o. Tipos de dados e variĆ”veis. Estruturas

Dyanna Cruz 1 Jan 06, 2022
BMI-Calculator: Program to Calculate Body Mass Index (BMI)

The Body Mass Index (BMI) or Quetelet index is a value derived from the mass (weight) and height of an individual, male or female.

PyLaboratory 0 Feb 07, 2022
Terrible sudoku solver with spaghetti code and performance issues

SudokuSolver Terrible sudoku solver with spaghetti code and performance issues - if it's unable to figure out next step it will stop working, it never

Kamil Bizoń 1 Dec 05, 2021
A brainfuck-based game oriented language written in python.

GF.py STILL WIP Gamefuck.py is a programming language based off brainfuck. It is oriented towards game development, and as such has many commands spec

Xenon 1 Feb 23, 2022
Script to quickly get the metrics from Github repos to analyze.

commit-prefix-analysis Script to quickly get the metrics from Github repos to analyze. Setup Install the Github CLI. You'll know its working when runn

David Carpenter 1 Dec 17, 2022