PAQMAN

The Parameter Query Manual

PAQMAN project logo

Responsible for the project

  • Leon Schmidt (UNITS)
  • Nicola Jäger (UNITS)
  • Nadine Weber (MI)

Description

PAQMAN is an acronym and stands for “Parameter Query Manual”. It is a web application that facilitates work with the command line interface (CLI). Based on specified information – the parameters – the application provides commands that can be correctly combined to create a successful attack. PAQMAN is intended to serve as a tool to increase the efficiency of regular use of the command line.

If you are not familiar with the command line or work with a tool that is not well known, your work can quickly become time-consuming and complicated. Whether you are a system administrator or a pentester, sooner or later you will always reach a point where your own knowledge is no longer sufficient. At this point you have to look up information in documentation on the Internet or in man pages of tools or packages. This procedure is not really intuitive and can severely impair the workflow. So why not just use a tool that simplifies the work? With the help of PAQMAN things become easier.

PAQMAN enables the user to focus on the actual work. The tedious search through long documentation is a thing of the past. All information relevant to the user is collected by PAQMAN directly in one place and is clearly presented. The tool is targeted primarily at command line users – especially pentesters or system administrators. A graphical, user-friendly and dynamic web application supports existing pentesting tools or workflows in the CLI. Thereby the application can be used “side-by-side”, with the CLI on one side and PAQMAN on the other.

In contrast to existing man pages, PAQMAN offers interoperability between several tools and thus enables a simple and flexible workflow. A command can be composed of several individual tools that provide the user with the appropriate parameters.

PAQMAN is associated with these characteristics:

  • Self‐explanatory: No long user manuals needed, PAQMAN is very self-explanatory, due to descriptions and the design of the user interface.
  • Easy-to-use: You can easily use PAQMAN and access an overview of existing commands and attacks.
  • Non-disturbing: PAQMAN does not need to be at full screen size. It is a companion tool, which means you can open and close it whenever you need help with getting parameters, and leave it open while performing attacks.
  • Flexible: You can not just use PAQMAN for one single issue, you can extend it with your own database of commands, offering you opportunities of customization.

PAQMAN is a standalone tool that does not execute commands in the CLI. It is a helper tool for the work in the CLI. The focus is on modularity of the application, so that the user can add their own commands adapted to their own needs and use cases. The goal is a fully customizable local knowledge base which can be tailored and adapted to your specific needs.

A simple use case could for example be that you want to search for a specific parameter you need, but you do not know where you can get it from. PAQMAN can search through all available commands and parameters in its database to find one or optimally multiple ways to get to that parameter. This can be achieved with one command or a row of commands. PAQMAN then lists all the possible ways in a tree structure. A basic requirement for working with PAQMAN is that the database has to be pre-filled with commands and parameters.

You can find more information about PAQMAN on the universitys project page.