Web applications use parameters (or queries) to accept user input, take the following example into consideration
http://api.example.com/v1/userinfo?id=751634589
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,980 parameter names.
The best part? It takes less than 30 seconds to go through this huge list while making just 50-60 requests to the target.
Want to know how Arjun does that? Here's how.
Added support for proxies using the -x parameter, new usage
With Proxy
python arjun.py -u http://some.api/ --post -o data/result.json -x http://my.proxy:8080
Without Proxy
python arjun.py -u http://some.api/ --post -o data/result.json
You can encourage me to contribute more to the open source with donations.
- Paypal - https://paypal.me/s0md3v
- Credit/Debit Card - https://www.buymeacoffee.com/s0md3v
Do you want to sponsor Arjun and get mentioned here? Email me s0md3v[at]gmail[dot]com
- Multi-threading
- Thorough detection
- Automatic rate limit handling
- A typical scan takes 30 seconds
GET/POST/JSONmethods supported- Huge list of 25,980 parameter names
Note: Arjun doesn't work with python < 3.4
A detailed usage guide is available on Usage section of the Wiki.\
An index of options is given below:
- Scanning a single URL
- Scanning multiple URLs
- Choosing number of threads
- Handling rate limits
- Delay between requests
- Including presistent data
- Saving output to a file
- Adding custom HTTP headers
The parameter names are taken from @SecLists.