Arjun v1.3 releases: finding hidden GET & POST parameters

Arjun

Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce.

Features

  • Multi-threading
  • 3 modes of detection
  • Regex powered heuristic scanning
  • Huge list of 3370 parameter names

Changelog v1.3

  • improved logic
  • detection by plain-text content matching
  • --include switch to include persistent data
  • fixed a bug that caused user supplied headers to have no effect

Download

git clone https://github.com/UltimateHackers/Arjun.git

Usages

Discover parameters

To find GET  parameters, you can simply do:

python3 arjun.py -u https://api.example.com/endpoint --get

Similarly, use –post to find POST parameters.

Multi-threading

It uses 2 threads by default but you can tune its performance according to your network connection.

python3 arjun.py -u https://api.example.com/endpoint --get -t 22

Delay between requests

You can delay the request by using the -d option as follows:

python3 arjun.py -u https://api.example.com/endpoint --get -d 2

Adding HTTP Headers

Using the –headers switch will open an interactive prompt where you can paste your headers. Press Ctrl + S to save and Ctrl + X to proceed.

 

 

Copyright (C) 2018  s0md3v

Source: https://github.com/UltimateHackers/

Share