Automated vulnerability scanner for SQL Injection (SQLi), SSRF, and XSS.
Project description
BugInjectX
BugInjectX is a powerful, Python-based tool designed for automated vulnerability discovery, focusing on SQL Injection (SQLi), Cross-Site Scripting (XSS), and Server-Side Request Forgery (SSRF) attacks. It leverages dictionary-based payload injections to identify vulnerabilities in web applications by testing URL and header parameters for potential exploits.
Features
- Automated Vulnerability Testing: Detects SQLi, XSS, and SSRF vulnerabilities.
- Dictionary-based Payload Injection: Uses extensive, custom dictionaries for payloads.
- Color-coded Output: Easy-to-read, color-coded feedback in the terminal.
- Custom Headers: Inject custom headers like
X-BUG-HUNTER-IDfor enhanced anonymity. - Async Operations: Utilizes
asyncioandaiohttpfor high-speed, efficient attacks. - Cross-Platform: Works on any system with Python 3+ installed.
Why BugInjectX?
BugInjectX is designed for bug hunters, penetration testers, and security researchers who need an efficient and streamlined method to automate vulnerability testing. With built-in support for common CVEs like SQLi, XSS, and SSRF, BugInjectX is your go-to tool for comprehensive web application testing.
Supported Vulnerabilities
- SQL Injection (SQLi): Tests for SQLi flaws in URL and header parameters.
- Cross-Site Scripting (XSS): Identifies XSS vulnerabilities via payload injection.
- Server-Side Request Forgery (SSRF): Tests for SSRF vulnerabilities by injecting payloads that manipulate server-side requests.
Installation
To install BugInjectX, simply run:
pip install buginjectx
Alternatively, you can install from source:
- Clone the Repository:
git clone https://github.com/GreyNodeSecurity/BugInjectX
- Navigate to the project directory:
cd BugInjectX
- Install the dependencies:
pip install -r requirements.txt
If you are using some O.S. like Kali, or you get the following error;
error: externally-managed-environment
× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.
If you wish to install a non-Kali-packaged Python package,
create a virtual environment using python3 -m venv path/to/venv.
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
sure you have pypy3-venv installed.
If you wish to install a non-Kali-packaged Python application,
it may be easiest to use pipx install xyz, which will manage a
virtual environment for you. Make sure you have pipx installed.
For more information, refer to the following:
* https://www.kali.org/docs/general-use/python3-external-packages/
* /usr/share/doc/python3.12/README.venv
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
Please use the following command:
pipx install -r requirements.txt
OR BUILD ENVIRONMENT:
python3 -m venv venv
source venv/bin/activate
Quick Start
Once installed, BugInjectX can be run with the following command:
python3 main.py
Sample Usage
- Run BugInjectX with custom Target:
python3 main.py --target https://target.com --header "X-BUG-HUNTER-ID: Z3r0-S3c"
- Test with Custom Payload Dictionaries:
python3 main.py --target https://target.com --sql-payloads /path/to/sql_payloads.txt --xss-payloads /path/to/xss_payloads.txt --ssrf-payloads /path/to/ssrf_payloads.txt
Configuration
BugInjectX allows you to specifically custom payload dictionaries for each vulnerability type (SQLi, XSS, SSRF). You can easily specify the location of these dictionaries in the command-line arguments:
--sql-payloads: Path to the SQLi Payloads File.--xss-payloads: Path to the XSS Payloads File.--ssrf-payloads: Path to the SSRF Payloads File.--header: Optional custom header for your requests (e.g.,X-BUG-HUNTER-ID).
Contributing
We welcome contributions! If you’d like to contribute to BugInjectX, please fork the repository, create a new branch, and submit a pull request. We are particularly looking for:
Improvements to existing features:
- Bug fixes
- Additional payload dictionaries for new vulnerabilities
Contact
- Name: Z3r0 S3c
- Email: z3r0s3c@greynodesecurity.com
- Twitter: @Z3r0_S3c
- Company: Grey Node Security
- Web: https://greynodesecurity.com
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file buginjectx-0.1.8.tar.gz.
File metadata
- Download URL: buginjectx-0.1.8.tar.gz
- Upload date:
- Size: 8.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
901de887cd5aed3e962048937940b2a1d4a111d7f2156cda8901ef0ff952ade1
|
|
| MD5 |
1401af3e3f03be1f7ac262317f5beb1f
|
|
| BLAKE2b-256 |
d9b1f991704c8a3914c7f1bfbd9adf95a5851b39ce79b56c2130bf331d1300d5
|
File details
Details for the file BugInjectX-0.1.8-py3-none-any.whl.
File metadata
- Download URL: BugInjectX-0.1.8-py3-none-any.whl
- Upload date:
- Size: 9.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
47af580100e857459707486d155739362027487dc73ab859f121736979362ea5
|
|
| MD5 |
efbd50038d68b638405a43ff0c06ac64
|
|
| BLAKE2b-256 |
328210761427db0af63b53f3a8654da26561ce5841be0cfbb6f89f9cb40408b4
|
