Arjun v1.4 releases: finding hidden GET & POST parameters


Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce.


  • Multi-threading
  • 3 modes of detection
  • Regex powered heuristic scanning
  • Huge list of 3370 parameter names

Changelog v1.4

  • Added JSON support
  • Fixed a major bug in detection logic
  • -o option to save result to a file
  • --urls option to scan list of URLs
  • Ability to supply HTTP headers from CLI


git clone


Discover parameters

To find GET  parameters, you can simply do:

python3 -u --get

Similarly, use –post to find POST parameters.


It uses 2 threads by default but you can tune its performance according to your network connection.

python3 -u --get -t 22

Delay between requests

You can delay the request by using the -d option as follows:

python3 -u --get -d 2

Adding HTTP Headers

Using the –headers switch will open an interactive prompt where you can paste your headers. Press Ctrl + S to save and Ctrl + X to proceed.



Copyright (C) 2018  s0md3v