A tool to check for file inclusion vulnerabilities.
Project description
Inclusion Scanner
Overview
The Inclusion Scanner is a Python tool designed to detect file inclusion vulnerabilities in web applications. Using a list of payloads, the scanner attempts to access sensitive files and configurations that should not be publicly exposed. This tool can be helpful for security professionals and developers seeking to identify potential security flaws in their applications.
Features
- Supports Multiple Payloads: Uses a predefined list of payloads to check for vulnerabilities.
- Custom Payloads: Users can specify their own payload files for tailored scans.
- Real-Time Feedback: The scanner can provide immediate feedback on vulnerabilities found during the scan.
Installation
Ensure you have Python installed on your system. Then install the package using pip:
```
pip install inclusion
```
Usage
Command Line Interface
You can run the scanner from the command line using various options:
- Basic Usage with a URL
This command will scan the specified URL using default payloads:
```
inclusion --url https://example.com/
```
- Using a Custom Payload File
To scan using a custom payload file, specify the path to your file:
```
inclusion --url https://example.com/ --payload path/to/custom_payloads.txt
```
Python Code Examples
- Basic Usage with Default Payloads
This example demonstrates how to use the scanner in a Python script with default payloads:
```python
from inclusion import scan

url = "https://example.com/"

def print_vulnerability(test_url):
    # Callback passed to scan(); receives the URL that was flagged.
    print(f"Inclusion vulnerability found: {test_url}")

vulnerabilities = scan(url, callback=print_vulnerability)
if not vulnerabilities:
    print("No vulnerabilities found.")
```
- Using a Custom Payload File
Here’s how to scan a URL using a custom payload file:
```python
from inclusion import scan

url = "https://example.com/"
payload_file = "path/to/custom_payloads.txt"

def print_vulnerability(test_url):
    # Callback passed to scan(); receives the URL that was flagged.
    print(f"Inclusion vulnerability found: {test_url}")

# payload_file replaces the default payload list for this scan.
vulnerabilities = scan(url, payload_file=payload_file, callback=print_vulnerability)
if not vulnerabilities:
    print("No vulnerabilities found.")
```
How It Works
The scanner constructs URLs by appending payloads to the base URL. It then sends HTTP requests to the constructed URLs and checks the responses for signs of file inclusion vulnerabilities, such as the presence of sensitive data.
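The flaw this kind of scan detects is a handler that builds a file path from request input. As an added example (not code from the Inclusion package), the sketch below puts that vulnerable path join beside a hardened resolver and runs constructed inputs through both; the function names, directory layout and file names are assumptions.

```python
import os
import tempfile
from pathlib import Path


def naive_resolve(base_dir: str, requested: str) -> Path:
    """Vulnerable pattern: request input is joined to the base path unchecked."""
    return Path(os.path.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> Path:
    """Hardened pattern: canonicalize first, then require containment in base_dir."""
    if "\x00" in requested:
        raise ValueError("NUL byte in requested name")
    base = Path(base_dir).resolve()
    # resolve() collapses '..' segments and follows symlinks; an absolute
    # 'requested' replaces the base in the join, so the check below rejects it.
    candidate = (base / requested).resolve()
    if base not in candidate.parents:
        raise PermissionError(f"{requested!r} resolves outside {base}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def demo() -> dict:
    """Run constructed inputs through both resolvers inside a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = Path(root, "pages")
        pages.mkdir()
        (pages / "about.html").write_text("about")
        outside = Path(root, "secret.cfg")
        outside.write_text("constructed secret")
        cases = {"about.html": "about.html", "../secret.cfg": "../secret.cfg",
                 "<absolute>": str(outside)}
        for label, name in cases.items():
            naive_hit = naive_resolve(str(pages), name).is_file()
            try:
                safe_resolve(str(pages), name)
                safe_hit = True
            except (ValueError, PermissionError, FileNotFoundError):
                safe_hit = False
            results[label] = (naive_hit, safe_hit)
    return results


if __name__ == "__main__":
    for label, (naive, safe) in demo().items():
        print(f"{label:15} naive_serves={naive} safe_serves={safe}")
```

A handler that resolves paths the second way gives a scan like this nothing to flag, because every request that leaves the content directory is rejected before any file is opened.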
Important Notes
- Use Responsibly: Always obtain permission before scanning a web application. Unauthorized scanning may violate terms of service or laws.
- Environment: Ensure that your scanning environment is safe and secure, especially if you are testing against live applications.
License
This project is licensed under the MIT License.
Contribution
Contributions are welcome! If you have suggestions or improvements, feel free to open an issue or submit a pull request.
Download files
Source Distribution
Built Distribution
File details
Details for the file inclusion-1.0.2.tar.gz.
File metadata
- Download URL: inclusion-1.0.2.tar.gz
- Upload date:
- Size: 5.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.2
File hashes
Algorithm | Hash digest
---|---
SHA256 | 00db21180c1aaa82b40e79a180c26a2d64e3c692fa577ff1984a0e6fc29f2dd1
MD5 | 5c3a9e182f4059b386e9afd5438f2e1a
BLAKE2b-256 | 2f83d021342f9e26c7964f412debf9d67277f8713186e16815dfa32c12070ad5
File details
Details for the file inclusion-1.0.2-py3-none-any.whl.
File metadata
- Download URL: inclusion-1.0.2-py3-none-any.whl
- Upload date:
- Size: 6.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.2
File hashes
Algorithm | Hash digest
---|---
SHA256 | f350223f21ab1713a5d7de89d25ea964ffc652f7f58d8b0cfe6a2414ac8145ff
MD5 | 3c10f6abfc6dc73f02b3d8fcddd53023
BLAKE2b-256 | ad0c9f9c45de144e7a9fbde23b37eb7f6ae4f75102e1010f7e5517c48780697e