← 返回命令列表

Linux command

arjun 命令

网络

复制后可按需替换文件名、目录或参数。

常用示例

Find GET parameters

arjun -u [https://example.com/page]

Find POST parameters

arjun -u [https://example.com/api] -m POST

Scan with a custom wordlist

arjun -u [https://example.com] -w [path/to/wordlist.txt]

Scan multiple URLs

arjun -i [urls.txt]

Use JSON body

arjun -u [https://example.com/api] -m JSON

Set custom headers

arjun -u [https://example.com] --headers "[Cookie: session=abc]"

Output results

arjun -u [https://example.com] -o [results.json]

Set number of threads

arjun -u [https://example.com] -t [20]

说明

Arjun is a parameter discovery tool designed for web application security testing. It identifies hidden or undocumented HTTP parameters by sending crafted requests and analyzing responses for differences that indicate valid parameters. The tool uses a combination of techniques to detect parameters: it monitors response length, status codes, and content changes when different parameter names are submitted. This allows it to find parameters that trigger distinct server behavior, even when the application doesn't explicitly advertise them. Arjun includes a built-in wordlist of common parameter names but supports custom wordlists for targeted testing. It can discover parameters in GET requests (query strings), POST form data, and JSON bodies. The passive mode queries external sources like web archives and search engines for known parameters. The tool is commonly used in penetration testing and bug bounty hunting to find attack surface that might be missed during initial reconnaissance. Parameters discovered may reveal hidden functionality, debug modes, or additional attack vectors.

参数

-u, --url _url_
Target URL to scan for parameters.
-i, --input _file_
File containing URLs to scan (one per line).
-m, --method _method_
HTTP method to use (GET, POST, JSON, XML). Default: GET.
-w, --wordlist _file_
Custom wordlist for parameter names.
-o _file_
Save results to a JSON output file.
-oT _file_
Save results to a text output file.
-oB _proxy_
Send results to Burp Suite proxy.
-t, --threads _n_
Number of concurrent threads (default: 5).
--json
Send POST data as JSON instead of form data.
--headers _headers_
Custom headers in format "Header: value".
--passive
Use passive sources to find parameters.
--stable
Use more reliable but slower detection.
-d, --delay _seconds_
Delay between requests.
--include _params_
Parameters to always include in requests.
-T, --timeout _seconds_
HTTP request timeout in seconds (default: 15).
-c _n_, --chunks _n_
Number of parameters to send per request.
-q, --quiet
Suppress output except results.

FAQ

What is the arjun command used for?

Arjun is a parameter discovery tool designed for web application security testing. It identifies hidden or undocumented HTTP parameters by sending crafted requests and analyzing responses for differences that indicate valid parameters. The tool uses a combination of techniques to detect parameters: it monitors response length, status codes, and content changes when different parameter names are submitted. This allows it to find parameters that trigger distinct server behavior, even when the application doesn't explicitly advertise them. Arjun includes a built-in wordlist of common parameter names but supports custom wordlists for targeted testing. It can discover parameters in GET requests (query strings), POST form data, and JSON bodies. The passive mode queries external sources like web archives and search engines for known parameters. The tool is commonly used in penetration testing and bug bounty hunting to find attack surface that might be missed during initial reconnaissance. Parameters discovered may reveal hidden functionality, debug modes, or additional attack vectors.

How do I run a basic arjun example?

Run `arjun -u [https://example.com/page]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -u, --url _url_ do in arjun?

Target URL to scan for parameters.