Bug#1027454: ITP: arjun -- HTTP parameter discovery suite

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1027454: ITP: arjun -- HTTP parameter discovery suite
From: Guilherme de Paula Xavier Segundo <guilherme.lnx@gmail.com>
Date: Sat, 31 Dec 2022 16:07:29 -0300
Message-id: <[🔎] 167251364948.2808961.4429132297263124357.reportbug@pd123.coamo.com.br>
Reply-to: Guilherme de Paula Xavier Segundo <guilherme.lnx@gmail.com>, 1027454@bugs.debian.org

Package: wnpp
Severity: wishlist
Owner: Guilherme de Paula Xavier Segundo <guilherme.lnx@gmail.com>
X-Debbugs-Cc: debian-devel@lists.debian.org, guilherme.lnx@gmail.com, debian-security-tools@lists.debian.org, s0md3v@gmail.com

* Package name    : arjun
  Version         : 2.2.1
  Upstream Contact: Somdev Sangwan <s0md3v@gmail.com>
* URL             : https://github.com/s0md3v/Arjun
* License         : AGPL-3
  Programming Lang: Python
  Description     : HTTP parameter discovery suite

 This package can find query parameters for URL endpoints. If you don't get
 what that means, it's okay, read along.
 .
 Web applications use parameters (or queries) to accept user input, take the
 following example into consideration:
 http://api.example.com/v1/userinfo?id=751634589
 .
 This URL seems to load user information for a specific user id, but what if
 there exists a parameter named admin which when set to True makes the
 endpoint provide more information about the user?
 This is what Arjun does, it finds valid HTTP parameters with a huge default
 dictionary of 25,890 parameter names.

Reply to:

Prev by Date: Re: Re: RFS: onesixtyone
Previous by thread: Re: Re: RFS: onesixtyone
Index(es):
- Date
- Thread