Hey Folks, in this tutorial we are going to talk about another bug bounty tool called “Arjun“. The Arjun tool is specifically designed to find query parameters for URL endpoints. It finds valid HTTP parameters with a huge default dictionary of 10,985 parameter names. The best part of this tool is that it takes less than 10 seconds to go through this huge list while making just 20-30 requests to the target.
Let’s take a look 😛 !!
Now this tool comes pre-installed but only in the latest release of kali linux, so we will try to install it by ourselves. The tool is coded in python language which is why we need to install python compiler to operate this tool.
apt install python python3
Move 😛 !! Once the necessary dependencies are established we proceed to the installation of this tool. We first need to download the entire github project using the git command. After that we go to the directory and execute the python command to configure this tool.
git clone https://github.com/s0md3v/Arjun.git
python3 setup.py install
COOL 😛 !! This tool has been installed in the main library of kali linux and now we can access it from anywhere.
Let us show a demo of this tool. As you can see in the image below, there is no parameter available to give input in URL. Let’s try to explore valid parameter.
All you have to do is name the target URL and wait until the scan is complete. After the scan is complete it will show all valid parameters. Let’s take it one of those valid parameters.
arjun -u http://testphp.vulnweb.com/listproducts.php
Valid 😛 !! The parameter we found is valid. As you can see when we enter a number along with adding parameters then get the results on the web application.
Good 😛 !! As a proof you can see that when we test other parameters they also work fine.
We can present the entire result in JSON file format using the following command.
arjun -u http://testphp.vulnweb.com/listproducts.php -o new.json
Done 😛 !! It looks good 🙂 !!
The main features have been presented to you and you can try the rest one by one yourself.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.