parameth is a tool that can be used to brute discover GET and POST parameters. Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them.

The tool have the following options:

• URL Target URL
• PARAMS, Provide a list of parameters to scan
• HEADER, Add headers in format a:b c:d
• AGENT, Specify a user agent
• THREADS, Specify the number of threads.
• OUT, Specify output file
• PROXY, Specify a proxy in the form http|s://[IP]:[PORT]
• COOKIE, Specify Cookies
• TIMEOUT Specify a timeout in seconds to wait between each request.

The -off flag allows you to specify an offset (helps with dynamic pages) so for example, if you were getting alternating response sizes of 4444 and 4448, set the offset to 5 and it will only show the stuff outside the norm.

You can read more and download this tool over here: https://github.com/maK-/parameth