Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

Arjun v1.6 - HTTP Parameter Discovery Suite

$
0
0

Introduction
Web applications use parameters (or queries) to accept user input, take the following example into consideration
http://api.example.com/v1/userinfo?id=751634589
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,980 parameter names.
The best part? It takes less than 30 seconds to go through this huge list while making just 50-60 requests to the target.
Want to know how Arjun does that? Here's how.

Features
  • Multi-threading
  • Thorough detection
  • Automatic rate limit handling
  • A typical scan takes 30 seconds
  • GET/POST/JSON methods supported
  • Huge list of 25,980 parameter names
Note: Arjun doesn't work with python < 3.4

How to use Arjun?
A detailed usage guide is available on Usage section of the Wiki.\
An index of options is given below:

Credits
The parameter names are taken from @SecLists.



Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>