Source: arjun
Section: misc
Priority: optional
Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
Uploaders: Guilherme de Paula Xavier Segundo <guilherme.lnx@gmail.com>
Rules-Requires-Root: no
Build-Depends: debhelper-compat (= 13),
               dh-sequence-python3,
               python3-setuptools,
               python3-all
Standards-Version: 4.6.2
Homepage: https://github.com/s0md3v/Arjun
Vcs-Browser: https://salsa.debian.org/pkg-security-team/arjun
Vcs-Git: https://salsa.debian.org/pkg-security-team/arjun.git

Package: arjun
Architecture: all
Depends: ${python3:Depends},
         ${misc:Depends}
Description: HTTP parameter discovery suite
 This package can find query parameters for URL endpoints.
 .
 Web applications use parameters (or queries) to accept user input, take the
 following example into consideration.
 .
    http://api.example.com/v1/userinfo?id=751634589
 .
 This URL seems to load user information for a specific user id, but what if
 there exists a parameter named admin which when set to True makes the endpoint
 provide more information about the user?
 This is what Arjun does, it finds valid HTTP parameters with a huge default
 dictionary of 25,890 parameter names.
 It takes less than 10 seconds to go through this huge list while making just
 50-60 requests to the target.
 .
 Some features:
   - Supports GET/POST/POST-JSON/POST-XML requests;
   - Automatically handles rate limits and timeouts;
   - Export results to: BurpSuite, text or JSON file;
   - Import targets from: BurpSuite, text file or a raw request file;
   - Can passively extract parameters from JS or 3 external sources.
 .
 Arjun is useful for penetration testing (PENTEST) and network security
 analysis, serving as OSINT.
