Kang Asu
Arjun v1.3 - HTTP Parameter Discovery Suite
Features
- Multi-threading
- 4 modes of detection
- A typical scan takes 30 seconds
- Regex powered heuristic scanning
- Huge list of 25,980 parameter names
- Makes just 30-35 requests to the target
Note: Arjun doesn't work with python < 3.4
Discover parameters
To find
GET parameters, you can simply do:python3 arjun.py -u https://api.example.com/endpoint --getSimilarly, use
--post to find POST parameters.Multi-threading
Arjun uses 2 threads by default but you can tune its performance according to your network connection.
python3 arjun.py -u https://api.example.com/endpoint --get -t 22Delay between requests
You can delay the request by using the
-d option as follows:python3 arjun.py -u https://api.example.com/endpoint --get -d 2Including presistent data
Let's say you have an API key that you need to send with every request, to tell Arjun to do that you can use the
--include option as follows:python3 arjun.py -u https://api.example.com/endpoint --get --include 'api_key=xxxxx'OR
python3 arjun.py -u https://api.example.com/endpoint --get --include '{"api_key":"xxxxx"}'To include multiple parameters, use
& to seperate them or pass them as a valid json object.JSON Output
You can save the result in a JSON format by using the
-o as follows:python3 arjun.py -u https://api.example.com/endpoint --get -o result.jsonAdding HTTP Headers
Using the
--headers switch will open an interactive prompt where you can paste your headers. Press Ctrl + S to save and Ctrl + X to procced.
Note: Arjun usesnanoas the default editor for the prompt but you can change it by tweaking/core/prompt.py.
Regards
Kang Asu
No comments:
Post a Comment
# Silahkan berkomentar, bertanya dan kritik dengan sopan
# Disini anda boleh menyisipkan Link di kolom komentar
# Tetapi akan saya moderasi atau Review terlebih dahulu tiap komentar
# Jangan sampai komentar anda mengandung SPAM.
# Terima Kasih - Regards Muhammad Sobri Maulana