Sponsored
Bugbounty Tools

Arjun – Hidden HTTP Parameter Discovery Suite

Hey Folks, in this tutorial we are going to talk about another bug bounty tool called “Arjun“. The Arjun tool is specifically designed to find query parameters for URL endpoints. It finds valid HTTP parameters with a huge default dictionary of 10,985 parameter names. The best part of this tool is that it takes less than 10 seconds to go through this huge list while making just 20-30 requests to the target.

Let’s take a look 😛 !!

Configure Dependencies

Now this tool comes pre-installed but only in the latest release of kali linux, so we will try to install it by ourselves. The tool is coded in python language which is why we need to install python compiler to operate this tool.

apt install python python3

Move 😛 !! Once the necessary dependencies are established we proceed to the installation of this tool. We first need to download the entire github project using the git command. After that we go to the directory and execute the python command to configure this tool.

git clone https://github.com/s0md3v/Arjun.git
cd Arjun
ls -l
python3 setup.py install

COOL 😛 !! This tool has been installed in the main library of kali linux and now we can access it from anywhere.

arjun -h

Let us show a demo of this tool. As you can see in the image below, there is no parameter available to give input in URL. Let’s try to explore valid parameter.

http://testphp.vulnweb.com/listproducts.php

All you have to do is name the target URL and wait until the scan is complete. After the scan is complete it will show all valid parameters. Let’s take it one of those valid parameters.

arjun -u http://testphp.vulnweb.com/listproducts.php

Valid 😛 !! The parameter we found is valid. As you can see when we enter a number along with adding parameters then get the results on the web application.

Good 😛 !! As a proof you can see that when we test other parameters they also work fine.

Save (JSON)

We can present the entire result in JSON file format using the following command.

arjun -u http://testphp.vulnweb.com/listproducts.php -o new.json

Done 😛 !! It looks good 🙂 !!

The main features have been presented to you and you can try the rest one by one yourself.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
Sponsored
Leave a Comment
Share
Published by
Shubham Goyal
Tags: arjunarjun - find hidden http paramtetersarjun : discover hidden http paramtetersarjun http parameter discover suitearjun toolarjun tool githubarjun tool to find hidden http parametersdiscover hidden http paramtetershow to discover hidden paramteters in web applshow to find hidden paramtetershttp paramteters discover suite
4 years ago

Recent Posts

Gau (GetAllUrls) – Find Known and Hidden URL

The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…

3 months ago

Jsluicepp – Burp Extension for JS Secrets – BugBountyTip

Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…

8 months ago

Bypassing Firewalls (WAF) with XSS Payloads

Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…

8 months ago

Termux Cheat Sheet for Hackers

Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…

1 year ago

Cracking the X-Factor in Cybersecurity: How Humans are Protecting the Systems?

Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…

2 years ago

Cariddi – Hidden Endpoint Finder for Bug Hunting

Hey Folks, we are back today after such a long break, but don't worry we…

3 years ago
Sponsored

This website uses cookies.