<h1 align="center">
  <br>
  <a href="https://github.com/s0md3v/Arjun"><img src="https://image.ibb.co/c618nq/arjun.png" alt="Arjun"></a>
  <br>
  Arjun
  <br>
</h1>

<h4 align="center">HTTP Parameter Discovery Suite</h4>

<p align="center">
  <a href="https://github.com/s0md3v/Arjun/releases">
    <img src="https://img.shields.io/github/release/s0md3v/Arjun.svg">
  </a>
  <a href="https://github.com/s0md3v/Arjun/issues?q=is%3Aissue+is%3Aclosed">
    <img src="https://img.shields.io/github/issues-closed-raw/s0md3v/Arjun.svg">
  </a>
</p>

### Features

- Multi-threading
- 4 modes of detection
- A typical scan takes 30 seconds
- Regex powered heuristic scanning
- Huge list of 25,980 parameter names
- Makes just 30-35 requests to the target

### Usage

> **Note:** Arjun doesn't work with Python < 3.4

#### Discover parameters

To find `GET` parameters, you can simply do:

`python3 arjun.py -u https://api.example.com/endpoint --get`

Similarly, use `--post` to find `POST` parameters.

#### Multi-threading

Arjun uses 2 threads by default, but you can tune this with the `-t` option according to your network connection:

`python3 arjun.py -u https://api.example.com/endpoint --get -t 22`

#### Delay between requests

You can add a delay between requests with the `-d` option as follows:

`python3 arjun.py -u https://api.example.com/endpoint --get -d 2`

#### Including persistent data

Let's say you have an API key that you need to send with every request. To tell Arjun to do that, use the `--include` option as follows:

`python3 arjun.py -u https://api.example.com/endpoint --get --include 'api_key=xxxxx'`

OR

`python3 arjun.py -u https://api.example.com/endpoint --get --include '{"api_key":"xxxxx"}'`

To include multiple parameters, use `&` to separate them or pass them as a valid JSON object.
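
The two `--include` forms above, parsed into one dictionary, as an added example that is not Arjun's own code. The names `parse_include` and `with_persistent` are hypothetical, and two behaviours are assumptions: a value may itself contain `=`, and persistent values take precedence over a guessed parameter of the same name.

```python
import json


def parse_include(value):
    """Parse an --include style string into a dict (hypothetical helper).

    Accepts a JSON object such as '{"api_key":"xxxxx"}' or '&'-separated
    name=value pairs such as 'api_key=xxxxx&lang=en'.
    """
    value = value.strip()
    if not value:
        return {}
    if value.startswith("{"):
        try:
            return json.loads(value)
        except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
            raise ValueError("invalid JSON in include data: {}".format(exc)) from exc
    params = {}
    for pair in value.split("&"):
        if not pair:
            continue  # tolerate a stray or trailing '&'
        # Split on the first '=' only, so values such as base64 keys
        # ending in '=' survive intact (assumed behaviour).
        name, sep, val = pair.partition("=")
        if not name or not sep:
            raise ValueError("expected name=value, got {!r}".format(pair))
        params[name] = val
    return params


def with_persistent(candidates, persistent):
    """Merge persistent data into one request's parameters (hypothetical).

    Persistent values are applied last, so a guessed parameter that happens
    to be called 'api_key' cannot replace the real key (assumed precedence).
    """
    merged = dict(candidates)
    merged.update(persistent)
    return merged


if __name__ == "__main__":
    # Constructed sample values; 'xxxxx' is the placeholder used on this page.
    for raw in ("api_key=xxxxx", '{"api_key":"xxxxx"}', "api_key=eHh4eHg=&lang=en"):
        print(raw, "->", parse_include(raw))
    print(with_persistent({"api_key": "probe", "q": "probe"}, parse_include("api_key=xxxxx")))
```
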

#### JSON Output

You can save the result in JSON format by using the `-o` option as follows:

`python3 arjun.py -u https://api.example.com/endpoint --get -o result.json`

#### Adding HTTP Headers

Using the `--headers` switch will open an interactive prompt where you can paste your headers. Press `Ctrl + S` to save and `Ctrl + X` to proceed.

> **Note:** Arjun uses `nano` as the default editor for the prompt but you can change it by tweaking `/core/prompt.py`.

##### Credits

The parameter names are taken from [@SecLists](https://github.com/danielmiessler/SecLists).