Arjun icon indicating copy to clipboard operation
Arjun copied to clipboard
verified publisher icon s0md3v

option to run heuristics scan only

Open elig0n opened this issue 5 years ago • 2 comments

  • this tool could be useful to run a heuristics scan exclusively
  • in that case maybe it should support specifying a heuristics "page" (GET) in its own argument because sometimes the API itself and form page are different, but we need to combine them even when the request methods are different
  • ~~add an option(?) to save heuristics results in output file too as I've seen they are not included.~~ Please see my suggested PR https://github.com/s0md3v/Arjun/pull/98

elig0n avatar Dec 12 '20 15:12 elig0n

Hi @elig0n,

Thanks for pointing it out. We can make two changes to the Arjun

  1. If there's a form in the HTML that uses a HTTP method different than the one user specified, we can let user know about that.
  2. We can have a heuristics only scan but the parameters found through it should be saved in the existing params object, no need to create a separate key for that.

Let me know what you think about these propositions. Thanks again for the valuable PRs and suggestions.

s0md3v avatar Dec 12 '20 20:12 s0md3v

In fact, you just need to change arjun's python module directory ——main——.py to this will solve your requirements: if found: num = len(found) if words_exist: print('%s Heuristic scanner found %i parameters' % (good, num),f'{str(found)}') else: s = 's' if num > 1 else '' print('%s Heuristic scanner found %i parameter%s: %s' % (good, num, s, ', '.join(found)),f'{str(found)}')

jianmuhtb avatar Apr 11 '24 09:04 jianmuhtb