Hey Folks, in this tutorial we are going to talk about another bug bounty tool called “Arjun“. The Arjun tool is specifically designed to find query parameters for URL endpoints. It finds valid HTTP parameters with a huge default dictionary of 10,985 parameter names. The best part of this tool is that it takes less than 10 seconds to go through this huge list while making just 20-30 requests to the target.

Let’s take a look 😛 !!

Configure Dependencies

Now this tool comes pre-installed but only in the latest release of kali linux, so we will try to install it by ourselves. The tool is coded in python language which is why we need to install python compiler to operate this tool.

Move 😛 !! Once the necessary dependencies are established we proceed to the installation of this tool. We first need to download the entire github project using the git command. After that we go to the directory and execute the python command to configure this tool.

COOL 😛 !! This tool has been installed in the main library of kali linux and now we can access it from anywhere.

Let us show a demo of this tool. As you can see in the image below, there is no parameter available to give input in URL. Let’s try to explore valid parameter.

All you have to do is name the target URL and wait until the scan is complete. After the scan is complete it will show all valid parameters. Let’s take it one of those valid parameters.

Valid 😛 !! The parameter we found is valid. As you can see when we enter a number along with adding parameters then get the results on the web application.

Good 😛 !! As a proof you can see that when we test other parameters they also work fine.

Save (JSON)

We can present the entire result in JSON file format using the following command.

Done 😛 !! It looks good 🙂 !!

The main features have been presented to you and you can try the rest one by one yourself.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Leave a Reply

Your email address will not be published. Required fields are marked *