
Parth

What is the purpose of Parth?

Parth is an open-source, Python-based tool that discovers URLs, extracts their parameter names, and flags the vulnerabilities or risks commonly associated with those names.
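The idea described above, applied to URLs from your own application as an added example. This is not Parth's code: the function names, the pattern list and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed name-to-risk heuristics for illustration; not Parth's own list.
RISK_PATTERNS = {
    "sql injection / IDOR": re.compile(r"id|uid|user_?id|order|sort|item"),
    "open redirect / SSRF": re.compile(r"url|uri|next|redirect(_ur[il])?|return(_to)?|dest|callback"),
    "path traversal / file inclusion": re.compile(r"file|path|page|template|doc|include"),
    "reflected XSS": re.compile(r"q|query|search|s|msg|message|keyword"),
}

# Constructed sample input, e.g. URLs pulled from your own access logs.
SAMPLE_URLS = [
    "https://shop.example.com/item?id=42&ref=home",
    "https://shop.example.com/item?ID=43",
    "https://shop.example.com/login?next=%2Faccount&lang=en",
    "https://shop.example.com/download?file[]=report.pdf",
    "https://shop.example.com/search?q=",
    "not a url",
]

def normalize(name):
    """Lower-case and drop array suffixes so file[] and File[0] compare equal."""
    return re.sub(r"(\[[^\]]*\])+$", "", name.strip().lower())

def classify_urls(urls):
    """Return {(host, path, param): [risk labels]} for parameters worth reviewing."""
    findings = {}
    for raw in urls:
        try:
            parts = urlsplit(raw.strip())
        except ValueError:
            continue  # malformed entry, e.g. a broken IPv6 literal
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # relative paths and junk lines carry no host to report on
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            param = normalize(name)
            for label, pattern in RISK_PATTERNS.items():
                if pattern.fullmatch(param):
                    key = (parts.hostname, parts.path or "/", param)
                    findings.setdefault(key, set()).add(label)
    return {key: sorted(findings[key]) for key in sorted(findings)}

if __name__ == "__main__":
    for (host, path, param), labels in classify_urls(SAMPLE_URLS).items():
        print(f"{host}{path}  {param}: {', '.join(labels)}")
```

A flagged name is only a pointer for code review or targeted testing; the name alone does not show that the handler is vulnerable.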

Here are the primary uses of Parth:

  • Network Security: Parth is often used to analyze and assess web security. Parth can help in identifying vulnerabilities and weaknesses in the target system's network configurations.

  • Web Application Security: It is mainly used for testing web applications for common vulnerabilities, including SQL injection, cross-site scripting, and other vulnerabilities.

  • Penetration Testing: Parth is a tool used in penetration testing or bug bounty programs, where security professionals aim to reveal security vulnerabilities by simulating an attack against a system or network.

  • Vulnerability Assessment: Parth assists in the vulnerability assessment of a network and a web application, thereby providing information about potential risks and enabling their remediation.

  • Security Research: Parth can be used effectively by security professionals to test current vulnerabilities, develop new security techniques, and test new security tools. Parth is suitable for integration with other tools.

Core Features

  • Vulnerability Scanning
  • Exploit Testing
  • Security Assessment
  • Bug Bounty Integration
  • Customizable Testing
  • Automated Reporting
  • Integration with Other Tools

Data sources:

  • Public Vulnerability Databases
  • Security Advisories and Bulletins
  • Exploit Databases
  • Open Source Intelligence (OSINT)
  • Web Application Fingerprints
  • Network Scanning Results
  • Threat Intelligence Feeds

Common Parth Commands

1. Basic Usage

  • This command will initiate a security scan of the target URL. This will help in finding vulnerabilities that may be present in the target system.
parth scan https://example.com

2. Scanning from a File

  • Scans multiple targets supplied by the user in a file. This command is useful for scanning a large number of systems efficiently.
parth scan -f targets.txt

3. Using Custom Templates

  • Uses custom or additional templates from a user-specified directory. This customization helps focus the scan on specific vulnerabilities of the target system.
parth scan -t /path/to/templates/

4. Scanning for CVEs

  • Scans for vulnerabilities related to CVEs (Common Vulnerabilities and Exposures). It uses CVE-specific templates from the Parth database to detect known common security vulnerabilities.
parth scan -t cves/ -f targets.txt

5. Displaying Version

  • This command will display which version of the Parth tool is installed on the system. This utility helps ensure that you are running the latest version.
parth --version

6. Updating Parth

  • Updates the Parth tool to the latest available version. This ensures that you have the latest features and vulnerability definitions. In addition, using the latest version of Parth is very important for scanning and finding current web vulnerabilities.
parth update

7. Outputting Results to a File

  • Users can save the scan results to a specified file. This command provides a way to log the results, which is necessary for post-analysis assessments by experts and for integration with other security tools.
parth scan -o output.txt

8. Verbose output

  • Provides detailed information about each step of the scanning process. This helps in understanding the scan actions and results in-depth.
parth scan -v https://example.com

9. Silent Mode

  • Runs the scan without any output showing on the user's console. This feature is useful when the scan is run as a background operation and minimal console activity is desired.
parth scan -s

10. Help and Usage Information

  • Displays a help message with a list of available commands and options. This helps users understand how to use Parth correctly.
parth -h

Alternative usage:

parth --help

Output Examples of Parth Commands

| Command | Example Usage | Function | Output Example |
|---|---|---|---|
| Basic Scan | parth scan https://example.com | Initiates a security scan on the specified target URL. | Scanning https://example.com... |
| Scanning from a File | parth scan -f targets.txt | Scans multiple targets listed in a file. | Scanning targets from targets.txt... |
| Using Custom Templates | parth scan -t /path/to/templates/ | Uses custom or additional templates from a specified directory. | Using templates from /path/to/templates/ |
| Scanning for CVEs | parth scan -t cves/ -f targets.txt | Scans for vulnerabilities related to CVEs using CVE-specific templates. | Scanning for CVEs... |
| Outputting Results to a File | parth scan -o output.txt | Saves scan results to a specified file for later analysis. | Results saved to output.txt |
| Verbose Output | parth scan -v https://example.com | Provides detailed information about the scanning process. | Verbose mode enabled. |
| Silent Mode | parth scan -s | Runs the scan without displaying output on the console. | Running scan in silent mode. |
| Displaying Version | parth --version | Displays the current version of the Parth tool installed. | Parth version 1.0.0 |
| Updating Parth | parth update | Updates the Parth tool to the latest version available. | Parth updated to the latest version. |
| Specify Multiple Targets | parth scan -f targets.txt -t /path/to/templates/ | Scans multiple targets with specified templates. | Scanning targets from targets.txt... |
| Timeout for Requests | parth scan -t /path/to/templates/ -timeout 5 | Sets a timeout duration for requests during the scan. | Timeout set to 5 seconds. |
| Custom User-Agent | parth scan -t /path/to/templates/ -ua "CustomUserAgent" | Sets a custom User-Agent string for requests. | Using custom User-Agent: CustomUserAgent |
| Output JSON Format | parth scan -o output.json | Outputs scan results in JSON format. | Results saved in JSON format. |
| Resume Previous Scan | parth resume session.json | Resumes a previously interrupted scan using a session file. | Resuming scan from session.json... |
| Health Check | parth health | Performs a diagnostic check on the Parth tool. | Parth is functioning correctly. |
| Include/Exclude Templates | parth scan -t /path/to/templates/ -exclude exclude.yaml | Includes or excludes specific templates during the scan. | Excluding templates in exclude.yaml |
| Use Custom DNS Resolvers | parth scan -d resolvers.txt | Specifies custom DNS resolvers for the scan. | Using DNS resolvers from resolvers.txt |
| Rate Limiting | parth scan -u https://example.com --rate-limit 10 | Limits requests sent per second during the scan. | Rate limit set to 10 requests per second. |
| Store HTTP Responses | parth scan -u https://example.com --store-requests | Stores HTTP requests and responses during the scan. | HTTP requests and responses stored. |
| Firewall Detection | parth scan -u https://example.com --detect-firewall | Detects the presence of a firewall and assesses its impact on scanning. | Detecting firewall presence... |
| Finding Common Log Files | parth scan -u https://example.com --find-logs | Searches for common log files on the target site. | Searching for log files... |
| Finding Common Backup Files | parth scan -u https://example.com --find-backups | Searches for common backup files on the target site. | Searching for backup files... |
| Enumerate Users | parth scan -u https://example.com --enum-users | Lists registered users on the target site. | Enumerating users... |
| Check for Vulnerabilities | parth scan -u https://example.com --check-vulns | Scans for known vulnerabilities in web components. | Scanning for vulnerabilities... |
| Enumerate Plugins and Extensions | parth scan -u https://example.com --enum-plugins | Enumerates installed plugins and extensions. | Enumerating plugins and extensions... |
| Brute Force Testing | parth scan -u https://example.com --brute --wordlist wordlist.txt | Performs brute force attacks to test password strength. | Brute forcing with wordlist.txt... |
| Check Configuration | parth scan -u https://example.com --check-config | Checks for insecure configurations and misconfigurations. | Checking configuration... |