
Arjun

Arjun is an HTTP parameter discovery suite that finds query parameters for URL endpoints using a large dictionary of 25,890 parameter names. It efficiently tests parameters with minimal requests, typically completing in under 10 seconds.

Description

Web applications use parameters or queries to accept user input, such as in http://api.example.com/v1/userinfo?id=751634589. Arjun discovers hidden parameters like 'admin' that could reveal more information when set to specific values. It brute-forces valid HTTP parameters rapidly, making just 50-60 requests to the target.

Arjun supports penetration testing (PENTEST) and network security analysis, serving as an OSINT tool. Key features include support for GET/POST/POST-JSON/POST-XML requests, automatic handling of rate limits and timeouts, export to BurpSuite, text, or JSON files, and import from BurpSuite, text files, or raw request files. It can also passively extract parameters from JS or 3 external sources.

How It Works

Arjun uses a default dictionary of 25,890 parameter names to test URL endpoints by injecting parameters into requests. It supports GET/POST/POST-JSON/POST-XML methods, employs concurrent threads for efficiency, handles rate limits and timeouts automatically, and chunks requests to minimize the number needed (50-60 for the full list). Passive mode extracts parameters from JavaScript or external sources without active requests.
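The chunk-and-bisect strategy described above, as an added illustration that is not Arjun's own code: the responder and the 16-name wordlist are constructed stand-ins (a real run would send HTTP requests and compare status, length and body), and the hidden names "admin" and "debug" are assumed for the sake of the example.

```python
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for a target: only two "hidden" names change the page.
# A real implementation would send HTTP requests and compare status, length
# and body; this keeps the example offline.
def mock_responder(params: Dict[str, str]) -> str:
    body = "<html>user info</html>"
    if "admin" in params:
        body += "<div>admin panel</div>"
    if "debug" in params:
        body += "<pre>trace</pre>"
    return body

# Constructed 16-name sample; the real dictionary has tens of thousands.
SAMPLE_WORDLIST = ["id", "user", "admin", "page", "lang", "token", "q", "sort",
                   "debug", "limit", "offset", "format", "callback", "ref",
                   "utm", "view"]

def discover(responder: Callable[[Dict[str, str]], str],
             wordlist: List[str], chunk_size: int = 8) -> Tuple[List[str], int]:
    """Return (names that change the response, number of requests made).

    Record a baseline with no candidates, then send candidates in chunks.
    A chunk whose response equals the baseline is dropped whole; a chunk
    that differs is bisected until single names remain.  A real tool must
    also check that the baseline itself is stable (two identical requests
    give the same page), otherwise dynamic content produces false hits.
    """
    baseline = responder({})
    requests = 1
    found: List[str] = []
    stack = [wordlist[i:i + chunk_size] for i in range(0, len(wordlist), chunk_size)]
    while stack:
        chunk = stack.pop()
        requests += 1
        if responder({name: "1" for name in chunk}) == baseline:
            continue  # no name in this chunk affects the page
        if len(chunk) == 1:
            found.append(chunk[0])
        else:
            mid = len(chunk) // 2
            stack.extend([chunk[:mid], chunk[mid:]])
    return sorted(found), requests

if __name__ == "__main__":
    names, sent = discover(mock_responder, SAMPLE_WORDLIST)
    print(f"found {names} with {sent} requests")
```

On this sample the search isolates both names in 15 requests (baseline included) instead of 17 when testing one name per request; the saving grows with the size of the wordlist, which is why the full 25,890-name list fits in a few dozen requests.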

Installation

sudo apt install arjun

Flags

-h, --help                 show this help message and exit
-u URL                     Target URL
-o, -oJ JSON_FILE          Path for json output file.
-oT TEXT_FILE              Path for text output file.
-oB [BURP_PROXY]           Output to Burp Suite Proxy. Default is 127.0.0.1:8080.
-d DELAY                   Delay between requests in seconds. (default: 0)
-t THREADS                 Number of concurrent threads. (default: 5)
-w WORDLIST                Wordlist file path. (default: {arjundir}/db/large.txt)
-m METHOD                  HTTP method
-i [IMPORT_FILE]           Import file
-T TIMEOUT                 Timeout
-c CHUNKS                  Chunks
-q                         Quiet mode
--rate-limit RATE_LIMIT    Rate limit
--headers [HEADERS]        Headers
--passive [PASSIVE]        Passive mode
--stable                   Stable mode
--include INCLUDE          Include
--disable-redirects        Disable redirects
--casing CASING            Casing

Examples

Show the help message and usage options.
arjun -h
Discover parameters for the target URL using default wordlist and settings.
arjun -u http://api.example.com/v1/userinfo
Scan target URL and export results to a JSON file.
arjun -u http://target.com -o output.json
Scan target URL and export results to a text file.
arjun -u http://target.com -oT output.txt
Scan target URL and output results to Burp Suite Proxy at default 127.0.0.1:8080.
arjun -u http://target.com -oB
Scan target URL using 10 concurrent threads.
arjun -u http://target.com -t 10
Scan target URL using a custom wordlist file.
arjun -u http://target.com -w custom.txt
Passively extract parameters from JS or external sources for the target.
arjun -u http://target.com --passive
Updated 2026-04-16 (kali.org)