Arjun v1.4 releases: finding hidden GET & POST parameters

Arjun

Arjun is a Python script for finding hidden GET & POST parameters using regex and brute force.

Features

  • Multi-threading
  • 3 modes of detection
  • Regex powered heuristic scanning
  • Huge list of 3370 parameter names

Changelog v1.4

  • Added JSON support
  • Fixed a major bug in detection logic
  • -o option to save result to a file
  • --urls option to scan list of URLs
  • Ability to supply HTTP headers from CLI

Download

git clone https://github.com/UltimateHackers/Arjun.git

Usage

Discover parameters

To find GET parameters, run:

python3 arjun.py -u https://api.example.com/endpoint --get

Similarly, use --post to find POST parameters.

Multi-threading

Arjun uses 2 threads by default; use the -t option to tune the thread count to your network connection.

python3 arjun.py -u https://api.example.com/endpoint --get -t 22

Delay between requests

You can add a delay between requests with the -d option:

python3 arjun.py -u https://api.example.com/endpoint --get -d 2

Adding HTTP Headers

Using the --headers switch will open an interactive prompt where you can paste your headers. Press Ctrl + S to save and Ctrl + X to proceed.
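
From the defender's side, a brute force over a list of parameter names appears in web server logs as one client sending many different query parameter names to the same path. The following is an added example, not part of Arjun or the original page: it counts distinct names per client and path in access-log lines. The log format, the sample lines, the threshold of 20 and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}'
)

def distinct_params(lines):
    """Map (client, path) -> set of query parameter names that client sent."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        url = urlsplit(m.group("target"))
        for name, _value in parse_qsl(url.query, keep_blank_values=True):
            seen[(m.group("ip"), url.path)].add(name)
    return seen

def flag_discovery(lines, threshold=20):
    """Return (client, path) pairs with at least `threshold` distinct names.

    The count ignores timestamps, so it is unaffected by how the requests
    are spread out (thread count or delay between requests).
    """
    hits = [k for k, names in distinct_params(lines).items() if len(names) >= threshold]
    return sorted(hits)

def sample_log():
    """Constructed log lines: one ordinary client, one cycling through names."""
    ts = "[10/Oct/2018:13:55:36 +0000]"
    normal = [
        f'198.51.100.7 - - {ts} "GET /endpoint?id={i}&page=1 HTTP/1.1" 200 512'
        for i in range(40)
    ]
    guessing = [
        f'203.0.113.9 - - {ts} "GET /endpoint?name{i}=1 HTTP/1.1" 200 512'
        for i in range(30)  # name0..name29 are made-up parameter names
    ]
    return normal + guessing

if __name__ == "__main__":
    for client, path in flag_discovery(sample_log()):
        print(f"possible parameter discovery: {client} -> {path}")
```

POST parameters travel in the request body, which standard access logs do not record, so this check covers GET requests only.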

Copyright (C) 2018  s0md3v

Source: https://github.com/UltimateHackers/
