Bug#1027454: ITP: arjun -- HTTP parameter discovery suite
Package: wnpp
Severity: wishlist
Owner: Guilherme de Paula Xavier Segundo <guilherme.lnx@gmail.com>
X-Debbugs-Cc: debian-devel@lists.debian.org, guilherme.lnx@gmail.com, debian-security-tools@lists.debian.org, s0md3v@gmail.com
* Package name : arjun
Version : 2.2.1
Upstream Contact: Somdev Sangwan <s0md3v@gmail.com>
* URL : https://github.com/s0md3v/Arjun
* License : AGPL-3
Programming Lang: Python
Description : HTTP parameter discovery suite
This package can find query parameters for URL endpoints. If you don't get
what that means, it's okay, read along.
.
Web applications use parameters (or queries) to accept user input, take the
following example into consideration:
http://api.example.com/v1/userinfo?id=751634589
.
This URL seems to load user information for a specific user id, but what if
there exists a parameter named admin which when set to True makes the
endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default
dictionary of 25,890 parameter names.
Reply to: