Package: wnpp Severity: wishlist Owner: Guilherme de Paula Xavier Segundo <guilherme....@gmail.com> X-Debbugs-Cc: debian-de...@lists.debian.org, guilherme....@gmail.com, debian-security-to...@lists.debian.org, s0m...@gmail.com
* Package name : arjun Version : 2.2.1 Upstream Contact: Somdev Sangwan <s0m...@gmail.com> * URL : https://github.com/s0md3v/Arjun * License : AGPL-3 Programming Lang: Python Description : HTTP parameter discovery suite This package can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along. . Web applications use parameters (or queries) to accept user input, take the following example into consideration: http://api.example.com/v1/userinfo?id=751634589 . This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user? This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,890 parameter names.
