Arjun introduction

Arjun is a tool that can find query parameters for URL endpoints.


$ pip3 install arjun

Defaulting to user installation because normal site-packages is not writeable
Collecting arjun
  Downloading arjun-2.1.51.tar.gz (127 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 127.8/127.8 kB 1.1 MB/s eta 0:00:00
  Preparing metadata ( ... done
Requirement already satisfied: dicttoxml in /usr/lib/python3/dist-packages (from arjun) (1.7.4)
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from arjun) (2.27.1)
Building wheels for collected packages: arjun
  Building wheel for arjun ( ... done
  Created wheel for arjun: filename=arjun-2.1.51-py3-none-any.whl size=128792 sha256=653c6e1f2685dae4793a77de55e3a6356ba1fa9bde4adcbe3d6894b0b8f189d6
  Stored in directory: /home/ruben/.cache/pip/wheels/00/0a/cc/8759554b1b3f0f6dcf061a5c3c163466cf585311113f193495
Successfully built arjun
Installing collected packages: arjun
  WARNING: The script arjun is installed in '/home/ruben/.local/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed arjun-2.1.51

$vim .zshrc

`export PATH="/home/ruben/.local/bin":$PATH`

$ source .zshrc
$ arjun

   /_| _ '
  (  |/ /(//) v2.1.51

[-] No target(s) specified


Single target

$ arjun -u

Specify HTTP method

Arjun looks for GET method parameters by default. All available methods are: GET/POST/JSON/XML.

$ arjun -u -m POST

Import targets

Arjun supports importing targets from BurpSuite, simple text file and raw request files. Arjun can automatically identify the type of input file so you just need to specify the path.

$ arjun -i targets.txt

Export results

You can export the result to BurpSuite or a txt/JSON file by using the respective option.

$ arjun -u -oJ result.json

-oJ result.json
-oT result.txt

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *