Arjun - HTTP parameter discovery suite.

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
Post Reply
User avatar
Posts: 740
Joined: Thu Oct 13, 2005 4:06 pm
Location: Yogyakarta

Arjun - HTTP parameter discovery suite.

Post by familycode » Sat Nov 02, 2019 4:51 pm



HTTP parameter discovery suite.

Web applications use parameters (or queries) to accept user input, take the following example into consideration

This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?

This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,980 parameter names.


- Multi-threading

- Thorough detection

- Automatic rate limit handling

- A typical scan takes 30 seconds

- GET/POST/JSON methods supported

- Huge list of 25,980 parameter names

Download :

Post Reply

Return to “Web Hacking”