0Day.Today | Learn Exploit | Zero World | Dark web |
14.2K subscribers
1.11K photos
76 videos
462 files
1.09K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
🌟 Arjun 🌟

HTTP Parameter Discovery Suite

👁 What's Arjun?

Arjun can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along.

Web applications use parameters (or queries) to accept user input, take the following example into consideration

http://api.example.com/v1/userinfo?id=751634589

This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,890 parameter names.

The best part? It takes less than 10 seconds to go through this huge list while making just 50-60 requests to the target. Here's how

Why Arjun?
🔻Supports GET/POST/POST-JSON/POST-XML requests
🔻Automatically handles rate limits and timeouts
🔻Export results to: BurpSuite, text or JSON file
🔻Import targets from: BurpSuite, text file or a raw request file
🔻Can passively extract parameters from JS or 3 external sources


◀️ Installing Arjun
You can install arjun with pip as following:

➜ ~ pip3 install arjun

or, by downloading this repository and running

➜ ~ python3 setup.py install

⬇️ Download
😸 Github

BugCod3

#Recon #Api #Testing #Fuzzer #Fuzzing

🔥 0Day.Today
👤 T.me/LearnExploit
📢 T.me/Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM