Arjun V1.3 - Http Parameter Regain Suite

Features

• Multi-threading
• 4 modes of detection
• A typical scan takes thirty seconds
• Regex powered heuristic scanning
• Huge listing of 25,980 parameter names
• Makes precisely 30-35 requests to the target

Usage

Note: Arjun doesn't run amongst python < 3.4

Discover parameters
To give away GET parameters, y'all tin only do:
python3 arjun.py -u https://api.example.com/endpoint --get
Similarly, purpose --post to give away POST parameters.

Multi-threading
Arjun uses 2 threads yesteryear default but y'all tin melody its performance according to your network connection.
python3 arjun.py -u https://api.example.com/endpoint --get -t 22

Delay betwixt requests
You tin delay the asking yesteryear using the -d pick equally follows:
python3 arjun.py -u https://api.example.com/endpoint --get -d 2

Including presistent data
Let's tell y'all get got an API cardinal that y'all involve to ship amongst every request, to tell Arjun to produce that y'all tin purpose the --include pick equally follows:
python3 arjun.py -u https://api.example.com/endpoint --get --include 'api_key=xxxxx'
OR
python3 arjun.py -u https://api.example.com/endpoint --get --include '{"api_key":"xxxxx"}'
To include multiple parameters, purpose & to seperate them or croak them equally a valid json object.

JSON Output
You tin salve the effect inwards a JSON format yesteryear using the -o equally follows:
python3 arjun.py -u https://api.example.com/endpoint --get -o result.json

Adding HTTP Headers
Using the --headers switch volition opened upward an interactive prompt where y'all tin glue your headers. Press Ctrl + S to salve too Ctrl + X to procced.

Note: Arjun uses nano equally the default editor for the prompt but y'all tin alter it yesteryear tweaking /core/prompt.py.

Credits
The parameter names are taken from @SecLists.

Download Arjun