GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → s0md3v → Arjun

s0md3v / Arjun

Licence: gpl-3.0
HTTP parameter discovery suite.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

reconapi-testingapi-fuzzerapi-fuzzingparameter-discovery

Projects that are alternatives of or similar to Arjun

Mockbin
Mock, Test & Track HTTP Requests and Response for Microservices
Stars: ✭ 1,782 (-36.17%)
Mutual labels:  api-testing
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-93.95%)
Mutual labels:  recon
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (-93.23%)
Mutual labels:  recon
Striker
Striker is an offensive information and vulnerability scanner.
Stars: ✭ 1,851 (-33.7%)
Mutual labels:  recon
Osint Tools
👀 Some of my favorite OSINT tools.
Stars: ✭ 155 (-94.45%)
Mutual labels:  recon
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-93.8%)
Mutual labels:  recon
Amass
In-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 1,693 (-39.36%)
Mutual labels:  recon
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (-8.74%)
Mutual labels:  recon
Hippie Swagger
API testing tool with automatic swagger assertions
Stars: ✭ 166 (-94.05%)
Mutual labels:  api-testing
Whoishere.py
WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.
Stars: ✭ 182 (-93.48%)
Mutual labels:  recon
Evomaster
A tool for automatically generating system-level test cases. Currently targeting REST APIs.
Stars: ✭ 151 (-94.59%)
Mutual labels:  api-testing
Siem
SIEM Tactics, Techiques, and Procedures
Stars: ✭ 157 (-94.38%)
Mutual labels:  recon
Xrcross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (-93.73%)
Mutual labels:  recon
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-94.99%)
Mutual labels:  recon
Getjs
A tool to fastly get all javascript sources/files
Stars: ✭ 190 (-93.19%)
Mutual labels:  recon
Wprecon
WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.
Stars: ✭ 135 (-95.16%)
Mutual labels:  recon
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Stars: ✭ 171 (-93.88%)
Mutual labels:  recon
Iky
OSINT Project
Stars: ✭ 203 (-92.73%)
Mutual labels:  recon
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-93.19%)
Mutual labels:  recon
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-93.66%)
Mutual labels:  recon
View All Similar Projects ➔


Arjun
Arjun

HTTP Parameter Discovery Suite

demo

What's Arjun?

Arjun can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along.

Web applications use parameters (or queries) to accept user input, take the following example into consideration

http://api.example.com/v1/userinfo?id=751634589

This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 10,985 parameter names.

The best part? It takes less than 10 seconds to go through this huge list while making just 20-30 requests to the target. Here's how.

Why Arjun?

  • Supports GET/POST/POST-JSON/POST-XML requests
  • Automatically handles rate limits and timeouts
  • Export results to: BurpSuite, text or JSON file
  • Import targets from: BurpSuite, text file or a raw request file
  • Can passively extract parameters from JS or 3 external sources

Installing Arjun

You can install arjun with pip as following:

pip3 install arjun

or, by downloading this repository and running

python3 setup.py install

How to use Arjun?

A detailed usage guide is available on Usage section of the Wiki.

Direct links to some basic options are given below:

Optionally, you can use the --help argument to explore Arjun on your own.

Credits

The parameter names wordlist is created by extracting top parameter names from CommonCrawl dataset and merging best words from SecLists and param-miner wordlists into that.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].