updated readme

Somdev Sangwan
2021-02-08 08:36:52 +05:30
committed by GitHub
parent 5d669c7c83
commit 9d8968c8f8


@@ -29,18 +29,17 @@ Web applications use parameters (or queries) to accept user input, take the foll
`http://api.example.com/v1/userinfo?id=751634589`
This URL seems to load user information for a specific user id, but what if there exists a parameter named `admin` which when set to `True` makes the endpoint provide more information about the user?\
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,980 parameter names.
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 10,985 parameter names.
The best part? It takes less than 20 seconds to go through this huge list while making just 50-60 requests to the target. [Here's how](https://github.com/s0md3v/Arjun/wiki/How-Arjun-works%3F).
The best part? It takes less than 10 seconds to go through this huge list while making just 20-30 requests to the target. [Here's how](https://github.com/s0md3v/Arjun/wiki/How-Arjun-works%3F).
### Why Arjun?
- Anomaly detection with 9 factors
- Supports `GET/POST/POST-JSON`
- Supports `GET/POST/POST-JSON/POST-XML` requests
- Automatically handles rate limits and timeouts
- Can import targets from BurpSuite, text file or a raw request file
- Export results to: BurpSuite, text or JSON file
- Import targets from: BurpSuite, text file or a raw request file
- Can passively extract parameters from JS or 3 external sources
- Makes ~50 requests in 20 seconds for checking 25,980 parameter names
### How to use Arjun?
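Review bot: The figures in the "Why Arjun?" list need to agree with the updated intro. The intro now says 10,985 parameter names, under 10 seconds and 20-30 requests, while the bullet "Makes ~50 requests in 20 seconds for checking 25,980 parameter names" carries the old numbers. If that bullet survives this change, drop it or update it to match. The request count and timing also depend on the target and on rate limiting, which the list says is handled automatically, so wording such as "typically" would be more accurate than a flat claim. The two new bullets "Export results to:" and "Import targets from:" use a colon where the neighbouring bullets do not; pick one style.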
@@ -51,11 +50,11 @@ A detailed usage guide is available on [Usage](https://github.com/s0md3v/Arjun/w
Direct links to some basic options are given below:
- [Scan a single URL](https://github.com/s0md3v/Arjun/wiki/Usage#scan-a-single-url)
- [Import multiple targets](https://github.com/s0md3v/Arjun/wiki/Usage#import-multiple-targets)
- [Save output to a file](https://github.com/s0md3v/Arjun/wiki/Usage#save-output-to-a-file)
- [Import targets](https://github.com/s0md3v/Arjun/wiki/Usage#import-multiple-targets)
- [Export results](https://github.com/s0md3v/Arjun/wiki/Usage#save-output-to-a-file)
- [Use custom HTTP headers](https://github.com/s0md3v/Arjun/wiki/Usage#use-custom-http-headers)
Optionally, you can use the `--help` argument to explore Arjun on your own.
##### Credits
The parameter names wordlist is taken from [@SecLists](https://github.com/danielmiessler/SecLists).
The parameter names wordlist is created by extracting top parameter names from [CommonCrawl](http://commoncrawl.org) dataset and merging best words from [SecLists](https://github.com/danielmiessler/SecLists) and [param-miner](https://github.com/PortSwigger/param-miner) wordlists into that.
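Review bot: The renamed link labels "Import targets" and "Export results" still point at the anchors `#import-multiple-targets` and `#save-output-to-a-file`. Confirm those wiki headings are unchanged, or update the anchors together with the labels, otherwise the links will silently land at the top of the Usage page. In the Credits line, the CommonCrawl link uses `http://commoncrawl.org`; switch it to `https://`. Since the wordlist now merges words from SecLists and param-miner, it is also worth stating that their licenses permit redistribution in this form.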