Arjun - HTTP parameter discovery suite.
Posted: Sat Nov 02, 2019 4:51 pm
Share
Arjun
HTTP parameter discovery suite.
Web applications use parameters (or queries) to accept user input, take the following example into consideration
http://api.example.com/v1/userinfo?id=751634589
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,980 parameter names.
Features
- Multi-threading
- Thorough detection
- Automatic rate limit handling
- A typical scan takes 30 seconds
- GET/POST/JSON methods supported
- Huge list of 25,980 parameter names
Download : https://github.com/s0md3v/Arjun
Arjun
HTTP parameter discovery suite.
Web applications use parameters (or queries) to accept user input, take the following example into consideration
http://api.example.com/v1/userinfo?id=751634589
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,980 parameter names.
Features
- Multi-threading
- Thorough detection
- Automatic rate limit handling
- A typical scan takes 30 seconds
- GET/POST/JSON methods supported
- Huge list of 25,980 parameter names
Download : https://github.com/s0md3v/Arjun