deb_control_files:
- control
- md5sums
- postinst
- prerm
deb_fields:
Architecture: all
Depends: python3-dicttoxml, python3-requests, python3:any
Description: |-
HTTP parameter discovery suite
This package can find query parameters for URL endpoints.
.
Web applications use parameters (or queries) to accept user input, take the
following example into consideration.
.
http://api.example.com/v1/userinfo?id=751634589
.
This URL seems to load user information for a specific user id, but what if
there exists a parameter named admin which when set to True makes the endpoint
provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default
dictionary of 25,890 parameter names.
It takes less than 10 seconds to go through this huge list while making just
50-60 requests to the target.
.
Some features:
- Supports GET/POST/POST-JSON/POST-XML requests;
- Automatically handles rate limits and timeouts;
- Export results to: BurpSuite, text or JSON file;
- Import targets from: BurpSuite, text file or a raw request file;
- Can passively extract parameters from JS or 3 external sources.
.
Arjun is useful for penetration testing (PENTEST) and network security
analysis, serving as OSINT.
Homepage: https://github.com/s0md3v/Arjun
Installed-Size: '347'
Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
Package: arjun
Priority: optional
Section: misc
Version: 2.2.6-2
srcpkg_name: arjun
srcpkg_version: 2.2.6-2