ParamX is a tool designed to extract interesting subdomains and parameters from URLs. It can be handy for bug hunters and penetration testers looking for specific types of vulnerabilities such as XSS, SQLi, LFI, RCE, IDOR, SSRF, SSTI, and open redirects.
<img src="https://github.com/cyinnove/paramx/raw/v1.1.0/static/paramx-logo.png" hight="100" width="300">
tag: {{TAG_NAME}} // xss,sqli,ssrf, as you want you can create your own
part: {{PART_NAME}} // query,subdomain, ... will add new parts in z future
list:
- param1
- param2
- param2
To install ParamX:
go install github.com/cyinnove/paramx/cmd/paramx@latest
ParamX is executed via command-line interface (CLI) with several options to customize its behavior. Below are the available flags:
-tp : Directory where YAML configuration files are located.-l : Path to a file containing URLs (one per line).-tag : The type of bug to extract the URLs based on it (default: "xss"). Supported values: xss, sqli, lfi, rce, idor, ssrf, ssti, redirect.-at : Search for URLs matching all vulnerability tags.-ap : Hunt for all kinds of parameterized URLs regardless of tag.-rw : Replace the parameter value with a custom value.-t : Path to a custom template.-o : Path to a file where the results should be saved.To extract XSS parameters from a list of URLs provided in a file:
cat urls.txt | paramx -tag xss
This will show output like :

To search for parameters matching any vulnerability type:
cat urls.txt | paramx -at
To find all URLs that contain parameters, regardless of type:
cat urls.txt | paramx -ap
To save the results to a file:
cat urls.txt | paramx -tag xss -o results.txt
Contributions are welcome! Please fork the repository and submit pull requests.
This project is licensed under the MIT License. See the LICENSE file for details.
For issues, questions, or suggestions, please open an issue on the GitHub repository.
Here’s a more detailed example of how you might run ParamX with various options:
paramx -tp /path/to/templates -l urls.txt -tag sqli -rw "injected_value" -t /path/to/custom_template.yaml
In this example, ParamX will:
/path/to/templates.urls.txt.injected_value./path/to/custom_template.yaml.The main package imports necessary modules and handles command-line flag definitions and parsing. The core functionalities include:
The runner package contains the main logic for parameter extraction, while the utils package includes utility functions for reading URLs and handling I/O operations.
Thank you for using ParamX! We hope this tool aids you in your recon process. For more information, visit our GitHub repository.
$ claude mcp add paramx \
-- python -m otcore.mcp_server <graph>