> For the complete documentation index, see [llms.txt](https://gowthams.gitbook.io/bughunter-handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/recon-and-osint/param-discovery.md).

# Parameter / Content Discovery

* gospider
* paramspider
* hakcrawler
* arjun
* httpx
* <https://github.com/edoardottt/cariddi>

Tweets:

{% embed url="<https://twitter.com/stokfredrik/status/1316661667267305472>" %}

{% embed url="<https://twitter.com/pry0cc/status/1316357215985561602>" %}

[gau + anti-burl + secretfinder = informations disclosure@TomNomNom@Yassineaboukir@stokfred](https://twitter.com/m4ll0k/status/1275047986180100096?s=20)rik[<br>](https://twitter.com/m4ll0k/status/1275047986180100096/photo/1)

![](/files/-MTAGMrXlBD_KI0LLlya)

[I just released Parth It finds commonly vulnerable parameter names to prioritize their testing. See screenshot below. You can import your@Burp\_Suite history, discover URLs using CommonCrawl, OTX and Waybackmachine or a simple txt file. Github: ](https://twitter.com/s0md3v/status/1296132598574362624?s=20)[https://github.com/s0md3v/Parth](https://t.co/eoDI0ut6nj?amp=1)

![](/files/-MTAGck_Ey_m0Px488Vy)

![](/files/-MTBktDck1f25pnk10un)

![https://twitter.com/Haoneses/status/1291387580299321358?s=20](/files/-MTFq10IJE4nlpm0sISp)

{% embed url="<https://twitter.com/imran407704/status/1297851186721067008?s=20>" %}

![](/files/-MTG0_Kx45LhGsHk8Nb2)

Tools:

* <https://github.com/dwisiswant0/galer>

{% embed url="<https://twitter.com/ITSecurityguard/status/1406630113102413827?s=20>" %}

{% embed url="<https://github.com/Sh1Yo/x8>" %}

{% embed url="<https://medium.com/geekculture/params-discovering-hidden-treasure-in-webapps-b4a78509290f>" %}
