Arjun v1.3 releases: finding hidden GET & POST parameters


Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce.


  • Multi-threading
  • 3 modes of detection
  • Regex powered heuristic scanning
  • Huge list of 3370 parameter names

Changelog v1.3

  • improved logic
  • detection by plain-text content matching
  • --include switch to include persistent data
  • fixed a bug that caused user supplied headers to have no effect


git clone


Discover parameters

To find GET  parameters, you can simply do:

python3 -u --get

Similarly, use –post to find POST parameters.


It uses 2 threads by default but you can tune its performance according to your network connection.

python3 -u --get -t 22

Delay between requests

You can delay the request by using the -d option as follows:

python3 -u --get -d 2

Adding HTTP Headers

Using the –headers switch will open an interactive prompt where you can paste your headers. Press Ctrl + S to save and Ctrl + X to proceed.



Copyright (C) 2018  s0md3v