Arjun

HTTP parameter discovery suite

Python | GitHub

Description

Arjun finds hidden GET and POST parameters in web applications. It uses a massive default wordlist and multiple heuristics to detect parameters, making it excellent for finding attack surface that other tools miss.

Installation

BASH
pip install arjun

Basic Usage

BASH
# GET parameters
arjun -u https://target.com/page

# POST parameters
arjun -u https://target.com/page -m POST

# JSON body
arjun -u https://target.com/api -m JSON

Advanced Usage

BASH
# From file
arjun -i urls.txt -oT params.txt

# Custom wordlist
arjun -u https://target.com -w params.txt

# With headers
arjun -u https://target.com --headers "Cookie: session=abc"

# Set threads
arjun -u https://target.com -t 10

# Include fixed data in every request (placeholder value shown)
arjun -u https://target.com --include 'api_key=xyz'

# Output formats
arjun -u https://target.com -oJ results.json
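
An added example (not from the original page or the Arjun project) for reviewing `-oJ` output from a scan of your own application: it lists the parameters Arjun found that a documented parameter inventory does not cover. The JSON layout (URL keys with `method` and `params`) and the `DOCUMENTED` inventory are assumptions, and the sample data is constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout assumed for `arjun -oJ results.json`:
# {url: {"method": ..., "params": [...], "headers": {...}}}
SAMPLE_RESULTS = json.loads("""
{
  "https://target.com/search": {"method": "GET", "params": ["q", "debug", "page"], "headers": {}},
  "https://target.com/api": {"method": "JSON", "params": ["id", "is_admin"], "headers": {}},
  "https://target.com/page": {"method": "POST", "params": ["id"], "headers": {}}
}
""")

# Hypothetical inventory of parameters the application is documented to accept,
# keyed by (method, path). In practice, build it from an API spec or route table.
DOCUMENTED = {
    ("GET", "/search"): {"q", "page"},
    ("JSON", "/api"): {"id"},
    ("POST", "/page"): {"id"},
}


def undocumented_params(results, documented):
    """Return {(method, path): [params]} for discovered parameters that the
    inventory does not list. Endpoints absent from the inventory are reported
    in full, since nothing about them is documented."""
    findings = {}
    for url, entry in results.items():
        method = str(entry.get("method", "GET")).upper()
        path = urlsplit(url).path or "/"
        known = documented.get((method, path), set())
        extra = sorted(set(entry.get("params", [])) - set(known))
        if extra:
            findings[(method, path)] = extra
    return findings


if __name__ == "__main__":
    report = undocumented_params(SAMPLE_RESULTS, DOCUMENTED)
    for (method, path), params in sorted(report.items()):
        print(f"{method} {path}: undocumented parameters: {', '.join(params)}")
```

Each reported parameter is a candidate for removal, documentation, or explicit server-side validation.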

Common Workflows

BASH
# Find hidden parameters on live hosts (one URL per line in alive.txt)
while IFS= read -r url; do arjun -u "$url" -oT params-found.txt; done < alive.txt

# Discover params, then fuzz
arjun -u https://target.com/search -oT params.txt