# Install arjun with Homebrew, apt, Nix

HTTP parameter discovery suite. Version 2.2.7 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:arjun
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install arjun
```

  Evidence: local Homebrew formula metadata

### Linux

- Debian apt (92%):

```sh
sudo apt install arjun
```

  Evidence: Debian stable package indexes: arjun from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#arjun
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ar/arjun/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:arjun
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/arjun>
- **Version:** 2.2.7
- **Source summary:** HTTP parameter discovery suite
- **Homepage:** <https://github.com/s0md3v/Arjun>
- **Repository:** <https://github.com/s0md3v/Arjun>
- **Upstream docs:** <https://github.com/s0md3v/Arjun#readme>
- **License:** AGPL-3.0-only
- **Source archive:** <https://files.pythonhosted.org/packages/04/22/c5b969720d2802de2248c2aac0414ee5ae234887cfe150564d591c73fb23/arjun-2.2.7.tar.gz>
- **Last updated:** 2026-06-22T10:12:13-04:00
- **Generated:** 2026-07-10T07:20:53+00:00

## Executables

- arjun (cli)
- arjun (alias)

## Dependencies

- certifi
- python@3.14

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-10
- Package-manager version: 2.2.7
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://github.com/s0md3v/Arjun
- info: No cached GitHub release or tag data was available.
## Project history and usage

Arjun is an HTTP parameter discovery suite for reconnaissance and application-security testing. Its README describes the core job plainly: find valid query or body parameters for URL endpoints, using a large built-in parameter-name dictionary while trying to keep request counts low.

### Project history

Arjun is maintained in the s0md3v/Arjun GitHub repository and distributed as a Python CLI. The official README positions it around practical web testing tasks: GET, POST, JSON, and XML request probing; timeout and rate-limit handling; output to Burp Suite, text, or JSON; and target import from files, Burp, or raw HTTP requests.

The project release stream visible from the official GitHub releases shows 1.x releases by 2018-2019, a 2.0 beta in 2020, and continued 2.2.x releases through 2024. The README's installation recommendation is pipx, with pip as a fallback for older Python environments.

### Adoption history

The supplied package facts show Arjun packaged for Homebrew, Debian, Ubuntu, and Nix, which is typical for Python security tooling that becomes useful enough to install from OS and developer package managers rather than only from source.

Arjun's adoption niche is bug bounty, recon, and API testing workflows where hidden or undocumented parameters can change endpoint behavior. Its README credits Common Crawl, SecLists, Param Miner, and data-payloads as sources or relatives for the parameter wordlists, tying it to the broader web-security wordlist ecosystem.

### How it is used

The executable is arjun. Users normally point it at one URL or a list of targets, choose request methods and headers as needed, and export discovered parameters for later manual testing or Burp-centered workflows.

The official README does not document a persistent config file or credential store. Operationally, options are passed on the command line or through imported request/target files.

### Why package nerds care

Arjun is package-nerdy because it turns a common recon step into a repeatable CLI primitive. It is small, Python-packaged, and easy to drop into Homebrew, distro packages, Nix shells, or security-tool images.

Its value is not a framework or scanner platform; it is the narrow, automatable act of parameter discovery. That narrowness is why it fits well beside tools like Burp, SecLists, Param Miner, ffuf, httpx, and other recon CLIs.

### Timeline

- 2018: Official GitHub releases show Arjun 1.1.
- 2019: Official releases show 1.2-beta through 1.6.
- 2020: Official releases show 2.0-beta.
- 2024: Official releases show 2.2.x releases through 2.2.7.

### Related projects

- Related projects and data sources named by the README include SecLists, PortSwigger Param Miner, Common Crawl-derived wordlists, Burp Suite, and data-payloads.
- In workflows it commonly sits near HTTP probing, fuzzing, and recon tools rather than full vulnerability scanners.

### Sources

- <https://github.com/s0md3v/Arjun/releases>
- <https://raw.githubusercontent.com/s0md3v/Arjun/master/README.md>
- input.source_facts.package-manager


## Security Notes

No matching local secret-handling manifest was found for arjun. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** arjun
- **Version Scheme:** 0
- **Revision:** 7
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - arjun - 2.2.7-1: normalized package name match | Debian stable package indexes: arjun from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | HTTP parameter discovery suite | https://github.com/s0md3v/Arjun
- Nix - arjun: normalized package name match | nixpkgs package indexes: pkgs/by-name/ar/arjun/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - arjun - 2.2.1-2: normalized package name match | Ubuntu 24.04 LTS package indexes: arjun from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | HTTP parameter discovery suite | https://github.com/s0md3v/Arjun


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [forbidden](https://www.automicvault.com/pkg/brew/forbidden/) - Shares av.db curated category or tags: cli, http, security.
- [httpx](https://www.automicvault.com/pkg/brew/httpx/) - Shares av.db curated category or tags: cli, http, security.
- [slowhttptest](https://www.automicvault.com/pkg/brew/slowhttptest/) - Shares av.db curated category or tags: cli, http, security.
- [acme.sh](https://www.automicvault.com/pkg/brew/acme-sh/) - Shares av.db curated category or tags: cli, security.
- [aescrypt](https://www.automicvault.com/pkg/brew/aescrypt/) - Shares av.db curated category or tags: cli, security.
- [aespipe](https://www.automicvault.com/pkg/brew/aespipe/) - Shares av.db curated category or tags: cli, security.
- [afflib](https://www.automicvault.com/pkg/brew/afflib/) - Shares av.db curated category or tags: cli, security.
- [afl++](https://www.automicvault.com/pkg/brew/afl/) - Shares av.db curated category or tags: cli, security.
- [dnsgen](https://www.automicvault.com/pkg/brew/dnsgen/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, discovery, python, python-3-14.
- [censys](https://www.automicvault.com/pkg/brew/censys/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, python, python-3-14, security.

## Combined YAML source

View the package source record on GitHub. [combined/arjun.yml](https://github.com/automic-vault/db/blob/main/combined/arjun.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
