パッケージ: arjun (2.2.2-1)
HTTP parameter discovery suite
This package can find query parameters for URL endpoints.
Web applications use parameters (or queries) to accept user input, take the following example into consideration.
http://api.example.com/v1/userinfo?id=751634589
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user? This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,890 parameter names. It takes less than 10 seconds to go through this huge list while making just 50-60 requests to the target.
Some features:
- Supports GET/POST/POST-JSON/POST-XML requests; - Automatically handles rate limits and timeouts; - Export results to: BurpSuite, text or JSON file; - Import targets from: BurpSuite, text file or a raw request file; - Can passively extract parameters from JS or 3 external sources.
Arjun is useful for penetration testing (PENTEST) and network security analysis, serving as OSINT.
その他の arjun 関連パッケージ
|
|
|
|
-
- dep: python3
- 対話式の高レベルオブジェクト指向言語 (デフォルト python3 バージョン)
-
- dep: python3-dicttoxml
- Python 3 module for converting dict into a XML string
-
- dep: python3-requests
- 人間のために作られた、Python 3 向けの洗練された単純な HTTP ライブラリ