arjun
Arjun can find query parameters for URL endpoints
Usage
Usage: arjun [options]
| Option | Description |
|---|---|
-u URL | Target URL |
-o, -oJ JSON_FILE | Path for json output file. |
-oT TEXT_FILE | Path for text output file. |
-oB [BURP_PROXY] | Output to Burp Suite Proxy. Default is 127.0.0.1:8080. |
-d DELAY | Delay between requests in seconds. (default: 0) |
-t THREADS | Number of concurrent threads. (default: 5) |
-w WORDLIST | Wordlist file path. (default: {arjundir}/db/large.txt) |
-m METHOD | Request method to use: GET/POST/XML/JSON. (default: GET) |
-i [IMPORT_FILE] | Import target URLs from file. |
-T TIMEOUT | HTTP request timeout in seconds. (default: 15) |
-c CHUNKS | Chunk size. The number of parameters to be sent at once |
-q | Quiet mode. No output. |
--rate-limit RATE_LIMIT | Max number of requests to be sent out per second (default: 9999) |
--headers [HEADERS] | Add headers. Separate multiple headers with a new line. |
--passive [PASSIVE] | Collect parameter names from passive sources like wayback, commoncrawl and otx. |
--stable | Prefer stability over speed. |
--include INCLUDE | Include this data in every request. |
--disable-redirects | disable redirects |
--casing CASING | casing style for params e.g. like_this, likeThis, likethis |
Examples
Run Arjun against a single URL:
arjun -u https://api.example.com/endpointSpecify HTTP method. Arjun looks for GET method parameters by default. All available methods are: GET/POST/JSON/XML
arjun -u https://api.example.com/endpoint -m POSTArjun supports importing targets from BurpSuite, simple text file and raw request files. Arjun can automatically identify the type of input file so you just need to specify the path.
arjun -i targets.txtYou can export the result to BurpSuite or a txt/JSON file by using the respective option.
arjun -u https://api.example.com/endpoint -oJ result.json
# -oJ result.json
# -oT result.txt
# -oB 127.0.0.1:8080You can specify the path to your own wordlist with this option. Arjun comes with 3 word-lists out-of-the-box which can be used as -w small|medium|large, self-explanatory.
arjun -u https://api.example.com/endpoint -w /path/to/wordlist.txt