
What is Arjun?
Arjun is a tool which can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along.
Web applications use parameters (or queries) to accept user input, take the following example into consideration
http://api.example.com/v1/userinfo?id=751634589
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin
which when set to True
makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 10,985 parameter names.
Parameters or queries usually can be inject with some XSS payload or you can test for IDOR vulnerabilty.
The best part? It takes less than 10 seconds to go through this huge list while making just 20-30 requests to the target.
Why Arjun?
- Supports
GET/POST/POST-JSON/POST-XML
requests - Automatically handles rate limits and timeouts
- Export results to: BurpSuite, text or JSON file
- Import targets from: BurpSuite, text file or a raw request file
- Can passively extract parameters from JS or 3 external sources
Installing Arjun
You can install Arjun with pip
as following:
or, by downloading this repository and running
How to use Arjun?
A detailed usage guide is available on Usage section of the Wiki.
Direct links to some basic options are given below:
Optionally, you can use the --help
argument to explore Arjun on your own.