Bhedak
A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
Install / Use
/learn @R0X4R/BhedakREADME
A replacement of qsreplace, accepts URLs as standard input, replaces all query string values with user-supplied values and stdout. Works on every OS. Made with python<br/>
$ pip3 install bhedak
$ wget -O bhedak https://raw.githubusercontent.com/R0X4R/bhedak/main/bhedak.py -q && chmod +x bhedak && mv bhedak /usr/bin/
-
For
linux,unixanddebianbased systems
$ waybackurls target.tld | bhedak "payload" -
For
windowsbased systems
cmd> type urls.txt | python bhedak.py "payload" -
If no
payloadpassed$ waybackurls subdomain.target.tld | bhedak http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ -
Example input file
$ waybackurls subdomain.target.tld | tee -a urls http://subdomain.target.tld/comment.php?pid=username&user=1 http://subdomain.target.tld/disclaimer.php=1 http://subdomain.target.tld/hpp/index.php?pp=12 http://subdomain.target.tld/hpp/?pp=12&user=5 -
Replace query string values
$ cat urls | bhedak "FUZZ" http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ -
Replace query string with custom payloads
$ cat urls | bhedak "\"><svg/onload=alert(1)>*'/---+{{7*7}}" http://subdomain.target.tld/comment.php?pid=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/disclaimer.php=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/index.php?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D http://subdomain.target.tld/hpp/?pp=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D&user=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E%2A%27%2F---%2B%7B%7B7%2A7%7D%7D -
Remove duplicate urls
$ cat urls | bhedak "FUZZ" | sort -u http://subdomain.target.tld/comment.php?pid=FUZZ&user=FUZZ http://subdomain.target.tld/disclaimer.php=FUZZ http://subdomain.target.tld/hpp/index.php?pp=FUZZ http://subdomain.target.tld/hpp/?pp=FUZZ&user=FUZZ -
Comparsion
<br/><img src=".github/image.jpg"><br/>
$ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ" http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ $ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | bhedak "FUZZ" http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ?hardwareid=FUZZ&tarifid=FUZZ
</br><a href="https://rzp.io/l/pQny7s0n"><img src=".github/support.svg" width="200"></a> <a href="https://ko-fi.com/i/IK3K34SJSA"><img src="https://ko-fi.com/img/githubbutton_sm.svg"></a><br/><br/>
Thanks to @tomnomnom for making an amazing tool called qsreplace, from using qsreplace I got idea to make bhedak
Related Skills
node-connect
345.4kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
104.6kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
345.4kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
345.4kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
