Skip to content
Somdev Sangwan edited this page Apr 17, 2019 · 5 revisions

Scanning a single URL

To find GET parameters, you can simply do:

python3 arjun.py -u https://api.example.com/endpoint --get

Similarly, use --post for POST and --json to look for JSON parameters.

Scanning multiple URLs

A list of URLs stored in a file can be test by using the --urls option as follows

python3 arjun.py --urls targets.txt --get

Multi-threading

Arjun uses 2 threads by default but you can tune its performance according to your network connection and target allowance.

python3 arjun.py -u https://api.example.com/endpoint --get -t 22

Delay between requests

You can delay the request by using the -d option as follows:

python3 arjun.py -u https://api.example.com/endpoint --get -d 2

Including persistent data

Let's say you have an API key that you need to send with every request, to tell Arjun to do that you can use the --include option as follows:

python3 arjun.py -u https://api.example.com/endpoint --get --include 'api_key=xxxxx'

OR

python3 arjun.py -u https://api.example.com/endpoint --get --include '{"api_key":"xxxxx"}'

To include multiple parameters, use & to seperate them or pass them as a valid json object.

Saving output to a file

You can save the result in a JSON format by using the -o as follows:

python3 arjun.py -u https://api.example.com/endpoint --get -o result.json

Adding HTTP Headers

This option will open your text editor (default is 'nano') and you can simply paste your HTTP headers and press Ctrl + S to save.

headers demo

If your operating system doesn't support this or you don't want to do this anyway, you can simply add headers from command line separated by \n as follows:

python3 arjun.py -u https://api.example.com/endpoint --post --headers "Accept-Language: en-US\nCookie: null"

Note: Arjun uses nano as the default editor for the prompt but you can change it by tweaking /core/prompt.py.

Clone this wiki locally
You can’t perform that action at this time.