
Arjun: A Tool to Identify Hidden GET and POST Parameters


Web applications use parameters (or queries) to accept user input. Consider the following example:

http://api.example.com/v1/userinfo?id=751634589

  • This URL seems to load user information for a specific user id, but what if there is a parameter named admin which, when set to True, makes the endpoint return more information about the user?

  • This is what Arjun does: it finds valid HTTP parameters using a huge default dictionary of 25,980 parameter names.

  • The best part? It takes less than 30 seconds to go through this huge list while making just 50-60 requests to the target.
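From the defender's side, those numbers imply a recognizable pattern: 25,980 names in 50-60 requests means each request carries several hundred parameter names. The following added example (not part of Arjun or the original page) flags that pattern in access logs; the log lines are constructed, and the combined log format, function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Client address and request target from a combined-log-format line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')


def param_count(target):
    """Number of distinct query parameter names in a request target."""
    query = urlsplit(target).query
    return len({name for name, _ in parse_qsl(query, keep_blank_values=True)})


def find_param_sweeps(lines, min_params=100, min_requests=3):
    """Return {(client, path): [param counts]} for clients that sent at least
    min_requests requests to one path, each carrying min_params or more names.
    Both thresholds are assumptions to tune against normal traffic."""
    wide = defaultdict(list)
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # ignore lines that are not in the expected format
        client, target = match.groups()
        count = param_count(target)
        if count >= min_params:
            wide[(client, urlsplit(target).path)].append(count)
    return {key: counts for key, counts in wide.items() if len(counts) >= min_requests}


# --- Constructed sample data (documentation addresses, not real traffic) ---
def _line(ip, target):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'


def _names(start, n):
    return "&".join(f"name{i}=x" for i in range(start, start + n))


SAMPLE_LOG = (
    [_line("203.0.113.7", "/v1/userinfo?id=751634589")]           # normal request
    + [_line("198.51.100.9", f"/v1/userinfo?id=1&{_names(i * 450, 450)}")
       for i in range(4)]                                         # repeated wide requests
    + [_line("192.0.2.44", f"/v1/search?{_names(0, 120)}")]       # single wide request
    + ["not a log line"]                                          # malformed input
)

if __name__ == "__main__":
    for (client, path), counts in find_param_sweeps(SAMPLE_LOG).items():
        print(f"{client} sent {len(counts)} requests to {path} with up to {max(counts)} parameters")
```

Only query strings appear in access logs, so scans run with --post or --json need the same count applied to request bodies at the application or WAF layer.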


Scanning a single URL

To find GET parameters, you can simply do:

python3 arjun.py -u https://api.example.com/endpoint --get

Similarly, use --post for POST and --json to look for JSON parameters.

Scanning multiple URLs

A list of URLs stored in a file can be tested by using the --urls option as follows:

python3 arjun.py --urls targets.txt --get

Multi-threading

Arjun uses 2 threads by default, but you can tune its performance according to your network connection and what the target allows.

python3 arjun.py -u https://api.example.com/endpoint --get -t 22

Delay between requests

You can add a delay between requests by using the -d option as follows:

python3 arjun.py -u https://api.example.com/endpoint --get -d 2

Handling rate limits

The --stable switch sets the number of threads to 1 and introduces a random delay of 6 to 12 seconds between requests.

python3 arjun.py -u https://api.example.com/endpoint --get --stable

Including persistent data

Let's say you have an API key that you need to send with every request. To tell Arjun to do that, use the --include option as follows:

python3 arjun.py -u https://api.example.com/endpoint --get --include 'api_key=xxxxx'

OR

python3 arjun.py -u https://api.example.com/endpoint --get --include '{"api_key":"xxxxx"}'

To include multiple parameters, use & to separate them or pass them as a valid JSON object.

Saving output to a file

You can save the result in JSON format by using the -o option as follows:

python3 arjun.py -u https://api.example.com/endpoint --get -o result.json