<h1 align="center">
  <br>
  <a href="https://github.com/s0md3v/Arjun"><img src="https://image.ibb.co/c618nq/arjun.png" alt="Arjun"></a>
  <br>
  Arjun
  <br>
</h1>

<h4 align="center">HTTP Parameter Discovery Suite</h4>

<p align="center">
  <a href="https://github.com/s0md3v/Arjun/releases">
    <img src="https://img.shields.io/github/release/s0md3v/Arjun.svg">
  </a>
  <a href="https://github.com/s0md3v/Arjun/issues?q=is%3Aissue+is%3Aclosed">
    <img src="https://img.shields.io/github/issues-closed-raw/s0md3v/Arjun.svg">
  </a>
</p>

### Introduction
Web applications use parameters (or queries) to accept user input. Consider the following example:

`http://api.example.com/v1/userinfo?id=751634589`

This URL seems to load user information for a specific user id, but what if there exists a parameter named `admin` which, when set to `True`, makes the endpoint provide more information about the user?\
This is what Arjun does: it finds valid HTTP parameters using a huge default dictionary of 25,980 parameter names.

The best part? It takes less than 30 seconds to go through this huge list while making just 50-60 requests to the target.\
Want to know how Arjun does that? [Here's how](https://github.com/s0md3v/Arjun/wiki/How-Arjun-works%3F).
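
From the defender's side, the figures above (25,980 names in 50-60 requests) imply that each request carries far more parameters than ordinary traffic, which shows up in access logs. The following is an added example, not Arjun's code or part of the original README; the thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed thresholds (tune per application): ordinary requests to an endpoint
# carry a handful of parameters, drawn from a small, stable set of names.
MAX_PARAMS_PER_REQUEST = 50
MAX_DISTINCT_NAMES = 200

# Common/combined log format: client IP ... "METHOD target PROTOCOL" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def find_parameter_sweeps(lines):
    """Return {(ip, path): [reasons]} for clients whose query strings look like parameter discovery."""
    names_seen = defaultdict(set)   # (ip, path) -> every parameter name sent
    oversized = defaultdict(int)    # (ip, path) -> requests above the per-request limit
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        parts = urlsplit(m.group("target"))
        names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        key = (m.group("ip"), parts.path)
        names_seen[key] |= names
        if len(names) > MAX_PARAMS_PER_REQUEST:
            oversized[key] += 1
    findings = {}
    for key, names in names_seen.items():
        reasons = []
        if oversized[key]:
            reasons.append(f"{oversized[key]} request(s) with more than {MAX_PARAMS_PER_REQUEST} parameters")
        if len(names) > MAX_DISTINCT_NAMES:
            reasons.append(f"{len(names)} distinct parameter names")
        if reasons:
            findings[key] = reasons
    return findings

def sample_log():
    """Constructed sample: one ordinary client, one client sending 3 requests of 120 names each."""
    ts = "[01/Jan/2024:00:00:00 +0000]"
    lines = [f'198.51.100.7 - - {ts} "GET /v1/userinfo?id=751634589 HTTP/1.1" 200 512']
    for batch in range(3):
        query = "&".join(f"p{batch}_{i}=1" for i in range(120))
        lines.append(f'203.0.113.9 - - {ts} "GET /v1/userinfo?{query} HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for (ip, path), reasons in find_parameter_sweeps(sample_log()).items():
        print(ip, path, "; ".join(reasons))
```

Access logs record only query strings, so parameter names sent in `POST` or `JSON` bodies need the same counting at a WAF or in application middleware.
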
### Donations
You can encourage me to contribute more to open source with donations.
- PayPal - [https://paypal.me/s0md3v](https://paypal.me/s0md3v)
- Credit/Debit Card - [https://www.buymeacoffee.com/s0md3v](https://www.buymeacoffee.com/s0md3v)

Do you want to sponsor Arjun and get mentioned here? Email me at `s0md3v[at]gmail[dot]com`

### Features
- Multi-threading
- Thorough detection
- Automatic rate limit handling
- A typical scan takes 30 seconds
- `GET/POST/JSON` methods supported
- Huge list of 25,980 parameter names

> **Note:** Arjun doesn't work with Python < 3.4

#### How to use Arjun?
A detailed usage guide is available in the [Usage](https://github.com/s0md3v/Arjun/wiki/Usage) section of the Wiki.\
An index of options is given below:

- [Scanning a single URL](https://github.com/s0md3v/Arjun/wiki/Usage#scanning-a-single-url)
- [Scanning multiple URLs](https://github.com/s0md3v/Arjun/wiki/Usage#scanning-multiple-urls)
- [Choosing number of threads](https://github.com/s0md3v/Arjun/wiki/Usage#multi-threading)
- [Handling rate limits](https://github.com/s0md3v/Arjun/wiki/Usage#handling-rate-limits)
- [Delay between requests](https://github.com/s0md3v/Arjun/wiki/Usage#delay-between-requests)
- [Including persistent data](https://github.com/s0md3v/Arjun/wiki/Usage#including-persistent-data)
- [Saving output to a file](https://github.com/s0md3v/Arjun/wiki/Usage#saving-output-to-a-file)
- [Adding custom HTTP headers](https://github.com/s0md3v/Arjun/wiki/Usage#adding-http-headers)

##### Credits
The parameter names are taken from [@SecLists](https://github.com/danielmiessler/SecLists).