Arjun - HTTP parameter discovery suite.

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
Post Reply
User avatar
familycode
Posts: 920
Joined: Thu Oct 13, 2005 4:06 pm
Location: Yogyakarta
Contact:

Arjun - HTTP parameter discovery suite.

Post by familycode » Sat Nov 02, 2019 4:51 pm

Share

Arjun

HTTP parameter discovery suite.

Web applications use parameters (or queries) to accept user input, take the following example into consideration

http://api.example.com/v1/userinfo?id=751634589

This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?

This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,980 parameter names.

Features

- Multi-threading

- Thorough detection

- Automatic rate limit handling

- A typical scan takes 30 seconds

- GET/POST/JSON methods supported

- Huge list of 25,980 parameter names

Download : https://github.com/s0md3v/Arjun

Post Reply

Return to “Web Hacking”