GitHub - s0md3v/Arjun: HTTP parameter discovery suite.
submited by
Style Pass
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user? This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,890 parameter names.
The best part? It takes less than 10 seconds to go through this huge list while making just 50-60 requests to the target. Here's how.
The parameter names wordlist is created by extracting top parameter names from CommonCrawl dataset and merging best words from SecLists and param-miner wordlists into that. db/special.json wordlist is taken from data-payloads.
Read more github.com/s...
/cdn.vox-cdn.com/uploads/chorus_asset/file/25417835/51684715392_2615642caa_o.jpg)
