arjun

Arjun is a tool for discovering hidden HTTP parameters during web penetration testing. It automates the process of identifying the parameters a web application accepts, which can be crucial in identifying security vulnerabilities.

Installation

1. Install via Git

git clone https://github.com/s0md3v/Arjun
cd Arjun
python3 setup.py install

2. Install via pip

pip3 install arjun

Usage

1. Scan a Single URL

arjun -u https://api.example.com/endpoint

This command scans the target URL for hidden parameters.

2. Specify HTTP Method

Arjun scans for GET parameters by default but can also check for POST, JSON, and XML.

arjun -u https://api.example.com/endpoint -m POST

3. Import Targets

Arjun supports target imports from Burp Suite, text files, and raw request files.

arjun -i targets.txt

Note: Uncheck the "base64" option when exporting from Burp Suite.

4. Export Results

Results can be saved in various formats:

arjun -u https://api.example.com/endpoint -oJ result.json  # JSON format
arjun -u https://api.example.com/endpoint -oT result.txt  # Text file
arjun -u https://api.example.com/endpoint -oB 127.0.0.1:8080  # Burp Suite

5. Specify Injection Points

Arjun can scan parameters in JSON or XML:

arjun -u https://api.example.com/endpoint -m JSON --include='{"root":{"a":"b",$arjun$}}'
arjun -u https://api.example.com/endpoint -m XML --include='<?xml><root>$arjun$</root>'

6. Multi-threading for Faster Scans

arjun -u https://api.example.com/endpoint -t 10

By default, Arjun uses 2 threads, but you can increase this value for faster scans.

7. Introduce a Delay Between Requests

arjun -u https://api.example.com/endpoint -d 2

Using -d introduces a delay between requests and sets threads to 1.

8. Set a Request Timeout

arjun -u https://api.example.com/endpoint -T 10

Default timeout is 15 seconds; use -T to modify this.

9. Handle Rate Limits

To introduce random delays and reduce request frequency:

arjun -u https://api.example.com/endpoint --stable

This sets threads to 1 and adds a random delay of 6-12 seconds.

10. Include Persistent Data

If an API key is required for requests:

arjun -u https://api.example.com/endpoint --include 'api_key=xxxxx'

Multiple parameters can be added using & or JSON format.

11. Use a Custom Wordlist

arjun -u https://api.example.com/endpoint -w /path/to/wordlist.txt

Arjun provides built-in wordlists (small, medium, large).

12. Control Query/Chunk Size

arjun -u https://api.example.com/endpoint -c 250

By default, Arjun includes 500 parameters per request, which may exceed URL length limits. Use -c to adjust this.
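Seen from the server side, the chunking described above means a scan shows up in access logs as requests carrying hundreds of query parameters each. The script below is an added example, not part of Arjun or of the original page, that flags such clients in Combined Log Format lines. The log lines are constructed, and the function names and both thresholds (50 parameters, 2 requests) are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def count_params(target):
    """Number of query parameters in a request target."""
    query = urlsplit(target).query
    return len(parse_qsl(query, keep_blank_values=True))

def find_param_sweeps(lines, min_params=50, min_requests=2):
    """Return {(client_ip, path): [param counts]} for clients that sent at
    least min_requests requests with min_params or more query parameters
    to the same path. Both thresholds are assumptions, not Arjun values."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, _status = m.groups()
        n = count_params(target)
        if n >= min_params:
            hits[(ip, urlsplit(target).path)].append(n)
    return {k: v for k, v in hits.items() if len(v) >= min_requests}

def make_line(ip, path, n_params):
    """Build a constructed access-log line with n_params query parameters."""
    query = "&".join(f"p{i}={i}" for i in range(n_params))
    target = f"{path}?{query}" if query else path
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {target} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample log: one client sending 250-parameter requests
# (as with -c 250), one ordinary client, and one unparsable line.
SAMPLE_LOG = [
    make_line("203.0.113.5", "/endpoint", 250),
    make_line("203.0.113.5", "/endpoint", 250),
    make_line("203.0.113.5", "/endpoint", 250),
    make_line("198.51.100.7", "/endpoint", 3),
    make_line("198.51.100.7", "/search", 1),
    "malformed line",
]

if __name__ == "__main__":
    for (ip, path), counts in find_param_sweeps(SAMPLE_LOG).items():
        print(f"{ip} sent {len(counts)} requests to {path} with {counts} parameters")
```

This only covers GET scans, because POST, JSON, and XML bodies are not recorded in a standard access log.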

13. Disable Redirects

arjun -u https://api.example.com/redirects_to_api2 --disable-redirects

Prevents Arjun from following HTTP redirects.

14. Collect Parameters from Passive Sources

Arjun can extract parameter names from CommonCrawl, Open Threat Exchange, and Wayback Machine:

arjun -u https://api.example.com/endpoint --passive example.com

For automatic domain detection, use:

arjun -u https://api.example.com/endpoint --passive -
