# Parameter Discovery

## Arjun&#x20;

Arjun can find query parameters for URL endpoints.

* <https://github.com/s0md3v/Arjun>

The following command will execute a rate limited parameter brute force using a large default wordlist. The `--headers` argument is optional but should be used when session cookies or an authorization header is required.

`arjun -u <URL> -w large -c 250 --headers "Cookie: "`