Sponsored
Bugbounty Tools

Arjun – Hidden HTTP Parameter Discovery Suite

Hey Folks, in this tutorial we are going to talk about another bug bounty tool called “Arjun“. The Arjun tool is specifically designed to find query parameters for URL endpoints. It finds valid HTTP parameters with a huge default dictionary of 10,985 parameter names. The best part of this tool is that it takes less than 10 seconds to go through this huge list while making just 20-30 requests to the target.

Let’s take a look 😛 !!

Configure Dependencies

Now this tool comes pre-installed but only in the latest release of kali linux, so we will try to install it by ourselves. The tool is coded in python language which is why we need to install python compiler to operate this tool.

apt install python python3

Move 😛 !! Once the necessary dependencies are established we proceed to the installation of this tool. We first need to download the entire github project using the git command. After that we go to the directory and execute the python command to configure this tool.

git clone https://github.com/s0md3v/Arjun.git
cd Arjun
ls -l
python3 setup.py install

COOL 😛 !! This tool has been installed in the main library of kali linux and now we can access it from anywhere.

arjun -h

Let us show a demo of this tool. As you can see in the image below, there is no parameter available to give input in URL. Let’s try to explore valid parameter.

http://testphp.vulnweb.com/listproducts.php

All you have to do is name the target URL and wait until the scan is complete. After the scan is complete it will show all valid parameters. Let’s take it one of those valid parameters.

arjun -u http://testphp.vulnweb.com/listproducts.php

Valid 😛 !! The parameter we found is valid. As you can see when we enter a number along with adding parameters then get the results on the web application.

Good 😛 !! As a proof you can see that when we test other parameters they also work fine.

Save (JSON)

We can present the entire result in JSON file format using the following command.

arjun -u http://testphp.vulnweb.com/listproducts.php -o new.json

Done 😛 !! It looks good 🙂 !!

The main features have been presented to you and you can try the rest one by one yourself.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
Sponsored
Leave a Comment
Share
Published by
Shubham Goyal
Tags: arjunarjun - find hidden http paramtetersarjun : discover hidden http paramtetersarjun http parameter discover suitearjun toolarjun tool githubarjun tool to find hidden http parametersdiscover hidden http paramtetershow to discover hidden paramteters in web applshow to find hidden paramtetershttp paramteters discover suite
3 years ago

Recent Posts

Termux Cheat Sheet for Hackers

Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…

1 month ago

Cracking the X-Factor in Cybersecurity: How Humans are Protecting the Systems?

Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…

8 months ago

Cariddi – Hidden Endpoint Finder for Bug Hunting

Hey Folks, we are back today after such a long break, but don't worry we…

2 years ago

API Security Testing 101: Know Everything About API Security Testing!

The security of your API should be one of the top priorities of companies. Without…

2 years ago

7 Best Tools for Web Penetration Testing: Comprehensive Details

Hey Folks, In today's business world, it is essential to have an online presence. However,…

2 years ago

Cyber Security Audits: Everything You Need to Know About It

Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…

2 years ago
Sponsored

This website uses cookies.