Packages and Binaries:

arjun

This package can find query parameters for URL endpoints.

Web applications use parameters (or queries) to accept user input. Consider the following example:

http://api.example.com/v1/userinfo?id=751634589

This URL seems to load user information for a specific user id, but what if there is a parameter named admin which, when set to True, makes the endpoint provide more information about the user? This is what Arjun does: it finds valid HTTP parameters using a huge default dictionary of 25,890 parameter names. It takes less than 10 seconds to go through this list while making just 50-60 requests to the target.
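
Seen from the server side, covering thousands of names in a few dozen requests means each request carries hundreds of parameter names. The following added example, which is not part of Arjun or of the original page, flags that pattern in access-log lines; the log format, the thresholds and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Client address, method and request target from a common/combined log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) ')

def param_names(target):
    """Distinct query parameter names in a request target."""
    return {k for k, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)}

def find_param_sweeps(lines, min_params=100, min_requests=3):
    """Map (client, path) -> (requests, distinct names) for clients that sent
    at least min_requests requests carrying at least min_params names each.
    Both thresholds are assumptions to tune against normal traffic."""
    seen = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.group(1), m.group(3)
        names = param_names(target)
        if len(names) < min_params:
            continue
        entry = seen[(client, urlsplit(target).path)]
        entry[0] += 1
        entry[1] |= names
    return {key: (count, len(names)) for key, (count, names) in seen.items()
            if count >= min_requests}

# Constructed sample log (documentation addresses, invented parameter names).
def _line(client, target):
    return f'{client} - - [08/Mar/2023:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

def _chunk(start, n):
    return "&".join(f"name{start + i}=1" for i in range(n))

SAMPLE_LOG = (
    [_line("203.0.113.5", "/v1/userinfo?id=751634589")] * 4
    + [_line("198.51.100.9", f"/v1/userinfo?id=751634589&{_chunk(c * 400, 400)}")
       for c in range(5)]
    + [_line("203.0.113.5", f"/v1/search?{_chunk(0, 12)}")]
)

if __name__ == "__main__":
    for (client, path), (count, names) in find_param_sweeps(SAMPLE_LOG).items():
        print(f"{client} swept {path}: {count} requests, {names} distinct names")
```

Only GET requests expose the names in the logged request line; with the POST, JSON and XML methods the names travel in the request body, so spotting them requires body logging or inspection at a proxy or WAF.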

Some features:

  • Supports GET/POST/POST-JSON/POST-XML requests;
  • Automatically handles rate limits and timeouts;
  • Export results to: BurpSuite, text or JSON file;
  • Import targets from: BurpSuite, text file or a raw request file;
  • Can passively extract parameters from JS or 3 external sources.

Arjun is useful for penetration testing and network security analysis, and can serve as an OSINT tool.

Installed size: 345 KB
How to install: sudo apt install arjun

Dependencies:
  • python3
  • python3-dicttoxml
  • python3-requests

arjun

HTTP parameter discovery suite

root@kali:~# arjun -h
usage: arjun [-h] [-u URL] [-o JSON_FILE] [-oT TEXT_FILE] [-oB [BURP_PORT]]
             [-d DELAY] [-t THREADS] [-w WORDLIST] [-m METHOD]
             [-i [IMPORT_FILE]] [-T TIMEOUT] [-c CHUNKS] [-q]
             [--headers [HEADERS]] [--passive [PASSIVE]] [--stable]
             [--include INCLUDE] [--disable-redirects]

options:
  -h, --help            show this help message and exit
  -u URL                Target URL
  -o JSON_FILE, -oJ JSON_FILE
                        Path for json output file.
  -oT TEXT_FILE         Path for text output file.
  -oB [BURP_PORT]       Port for output to Burp Suite Proxy. Default port is
                        8080.
  -d DELAY              Delay between requests in seconds. (default: 0)
  -t THREADS            Number of concurrent threads. (default: 5)
  -w WORDLIST           Wordlist file path. (default: {arjundir}/db/large.txt)
  -m METHOD             Request method to use: GET/POST/XML/JSON/HEADERS.
                        (default: GET)
  -i [IMPORT_FILE]      Import target URLs from file.
  -T TIMEOUT            HTTP request timeout in seconds. (default: 15)
  -c CHUNKS             Chunk size. The number of parameters to be sent at
                        once
  -q                    Quiet mode. No output.
  --headers [HEADERS]   Add headers. Separate multiple headers with a new
                        line.
  --passive [PASSIVE]   Collect parameter names from passive sources like
                        wayback, commoncrawl and otx.
  --stable              Prefer stability over speed.
  --include INCLUDE     Include this data in every request.
  --disable-redirects   disable redirects

Updated on: 2023-Mar-08