/Hidu

Finds hidden input parameters in a web server with metafinder & xss tool

Primary LanguageGoMIT LicenseMIT

Hidu - Hidden Input Parameters Finder


UsageInstallation

Hidu is a tool designed to find hidden input parameters in web applications.

- Installation & Requirements:

> git clone https://github.com/Eklavya-11/hidu.git

> cd hidu

> go build main.go

> mv main hidu

> chmod +x hidu

> ./hidu -h

- Usage & Explanation:

In order to ensure stability, some web applications use forms, which may result in the application handling hidden input parameters within its source code.
A typical example of such an input parameter is: <input type="hidden" name="validate" value="test">.

This is where Hidu comes in handy. When a web environment has an input parameter like this:
<input type="hidden" name="test" value="">
with a value of 0, it's highly probable that the parameter is reflected in the front-end, allowing for the exploitation of reflected XSS.

For example, executing the command cat index.html yields the following output: <input type="hidden" name="testing" value="">. Hidu reads from standard input.

You can use a file containing a list of targets as well:
cat targets | hidu

Hidu only brings to us the url to be tested, so, to test if parameter is reflecting, you can use other tools such as: httpx, kxss or manual analisys.

This project is solely intended for educational and bug bounty purposes. I do not endorse any illegal activities.

If any error in the program, talk to me immediatly.