Arjun v1.3 – HTTP Parameter Discovery Suite

Arjun v1.3 - HTTP Parameter Discovery Suite


  • Multi-threading
  • Four modes of detection
  • A typical scan takes 30 seconds
  • Regex powered heuristic scanning
  • Huge checklist of 25,980 parameter names
  • Makes simply 30-35 requests to the goal


Note: Arjun would not work with python < 3.4

Discover parameters
To discover GET parameters, you may merely do:
python3 -u --get
Similarly, use --post to search out POST parameters.

Arjun makes use of 2 threads by default however you may tune its performance in line with your community connection.
python3 -u --get -t 22

Delay between requests
You can delay the request by utilizing the -d choice as follows:
python3 -u --get -d 2

Including presistent knowledge
Let’s say you’ve gotten an API key that you want to ship with each request, to inform Arjun to try this you should utilize the --include choice as follows:
python3 -u --get --include 'api_key=xxxxx'
python3 -u --get --include '{"api_key":"xxxxx"}'
To embrace a number of parameters, use & to seperate them or cross them as a legitimate json object.

JSON Output
You can save the lead to a JSON format by utilizing the -o as follows:
python3 -u --get -o outcome.json

Adding HTTP Headers
Using the --headers change will open an interactive immediate the place you may paste your headers. Press Ctrl + S to save lots of and Ctrl + X to procced.

Note: Arjun makes use of nano because the default editor for the immediate however you may change it by tweaking /core/

The parameter names are taken from @SecLists.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.