Fakultät Medien

Im Gebäude der Medien-Fakultät konzentriert sich die komplette Fakultät mit Hörsälen, Laboren + Studios, alle mit modernster Technik ausgestattet, sowie Büros.
 

PAQMAN - Parameter Query Manual

|

PAQMAN is a command line companion tool that improves your pentesting experience. It provides you with commands you can copy-and-paste depending on specific information, in order to transform them into a successful attack.

paqman
© M

Working in the command line can be time-consuming and complicated if you are not familiar with command line tools or encounter something you never have before. In the life of a system administrator, penetration tester or any other user of the command line, you will - sooner or later - get to that point, where you have reached your knowledge’ limits. At that point, you have to check and read up additional information in the documentation or the man page of a tool or a package. This is not intuitive at all and can sometimes hinder your workflow. Why not use a tool that provides relief? With the help of PAQMAN - an abbreviation for “Parameter Query Manual” - the user is freed of that burden.

PAQMAN ties in right there: focus on your work instead of lengthy searches through documentations! The simple web-based companion tool makes your work less time-consuming. Forget looking up things you instantly forget afterwards! PAQMAN shows you all necessary information you need or that is in any way relevant to you in one place. While doing so, the tool is mainly targeted towards command line interface (CLI) users and especially pentesters or system administrators.

Our goal was to create a tool which supports and increases people's work efficiency using the CLI on a regular basis.

PAQMAN is a command line companion tool that improves your pentesting experience. It provides you with commands you can copy-and-paste depending on the information you want to collect or already have collected, in order to transform them into a successful attack.

Problems that PAQMAN solves

PAQMAN is a graphical, user-friendly and flexible companion tool, which provides support for pentesting tools or other workflows while using the command line. You can use the tool in a side-by-side arrangement with the CLI on one side and PAQMAN on the other side.

The tool is useful for all command line users but especially for pentesters who want to perform attacks and use a lot of commands in the command line. It accompanies the tester and is supposed to provide information about suitable input and output parameters for commands of a command line tool. The user thus avoids long searches in documentations and man pages, since all commands for a use case are displayed in an appealing user interface.

In contrast to existing man pages, PAQMAN offers interoperability between several tools and thus enables a simple and flexible workflow. A command can be composed of several individual tools that provide the user with the appropriate parameters.

PAQMAN is associated with these characteristics:
- Self‐explanatory: No long user manuals needed, PAQMAN is very self-explanatory, due to descriptions and the design of the user interface.
- Easy-to-use: You can easily use PAQMAN and access an overview of existing commands and attacks.
- Non-disturbing: PAQMAN does not need to be at full screen size. It is a companion tool, which means you can open and close it whenever you need help with getting parameters, and leave it open while performing attacks.
- Flexible: You can not just use PAQMAN for one single issue, you can extend it with your own database of commands, offering you opportunities of customization.

PAQMAN is a standalone tool that does not execute commands in the CLI. It is a helper tool for the work in the CLI. The focus is on modularity of the application, so that the user can add their own commands adapted to their own needs and use cases. The goal is a fully customizable local knowledge base which can be tailored and adapted to your specific needs.

A simple use case could for example be that you want to search for a specific parameter you need, but you do not know where you can get it from. PAQMAN can search through all available commands and parameters in its database to find one or optimally multiple ways to get to that parameter. This can be achieved with one command or a row of commands. PAQMAN then lists all the possible ways in a tree structure. A basic requirement for working with PAQMAN is
that the database has to be pre-filled with commands and parameters.

Code Repository: https://git.leon.wtf/paqman/paqman

Staging Environment: https://staging.paqman.leon.wtf

Projektteam:
Leon Schmidt, Nicola Jäger, Nadine Weber

Projektbetreuung:
Prof. Daniel Hammer