Skip to main content

Injection Vulnerability Testing Tool

Project description

penterepTools

PTINJECTOR - Injection Vulnerability Testing Tool

Installation

pip install ptinjector

Adding to PATH

If you're unable to invoke the script from your terminal, it's likely because it's not included in your PATH. You can resolve this issue by executing the following commands, depending on the shell you're using:

For ZSH Users

echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.zshrc
source ~/.zshrc

For Bash Users

echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.bashrc
source ~/.bashrc

Usage examples

ptinjector -u https://www.example.com/?parameter1=abc&parameter2=def --parameter search -t XSS, SQLI
ptinjector -u https://www.example.com/?parameter1=abc&parameter2=def* -t XSS, SQLI
ptinjector -u http://192.168.0.3/admin/ping.php -d 'host=127.0.0.1*' -c 'PHPSESSID=cf0a2784f5b34228a016ec5' -H 'X-Forwarded-For:127.0.0.1' -p http://127.0.0.1:8080

Options

   -u   --url                 <url>                Test URL
   -t   --test                <test>               Specify one or more tests to perform:
                               403_bypass            Test for 403 Bypass
                               crlf                  Test for HTTP Response Splitting (CRLF Injection)
                               fpd                   Test for Full Path Disclosure
                               function_injection    Test for Function Injection
                               hhi                   Test for Host Header Injection
                               lfi                   Test for Local File Inclusion
                               rce                   Test for Remote Code Execution
                               rfi                   Test for Remote File Inclusion
                               sqli_boolean          Test for Blind SQL Injection
                               sqli_error            Test for Error-based SQL Injection
                               sqli_time             Test for Time-based SQL Injection
                               sqli_union            Test for Union-based SQL Injection
                               ssi                   Test for Server Side Includes (shtml)
                               ssrf                  Test for Server Side Request Forgery
                               ssti                  Test for Template Injection
                               xss                   Test for Cross Site Scripting

   -rf  --request_file        <request-file>       Set request-file.txt
   -d   --data                <data>               Set request-data
   -P   --parameter           <parameter>          Set parameter to test (e.g. GET, POST parameters)
   -H   --headers             <headers>            Set Header(s)
   -c   --cookie              <cookie>             Set Cookie(s)
   -a   --agent               <agent>              Set User-Agent
   -p   --proxy               <proxy>              Set Proxy
   -vu  --verify-url          <verify-url>         Set Verification URL (used with e.g. SSRF)
   -g   --technology          <technology>         Set Technology
   -k   --keep-testing                             Keep sending payloads, even if vulnerability is already detected
   -l   --start-local-server  <port>               Start local server on <port> (default 5000)
   -v   --version                                  Show script version and exit
   -h   --help                                     Show this help message and exit
   -j   --json                                     Output in JSON format

Dependencies

ptlibs
bs4
html5lib
flask
apscheduler

License

Copyright (c) 2024 Penterep Security s.r.o.

ptinjector is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ptinjector is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with ptinjector. If not, see https://www.gnu.org/licenses/.

Warning

You are only allowed to run the tool against the websites which you have been given permission to pentest. We do not accept any responsibility for any damage/harm that this application causes to your computer, or your network. Penterep is not responsible for any illegal or malicious use of this code. Be Ethical!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ptinjector-0.0.18.tar.gz (40.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ptinjector-0.0.18-py3-none-any.whl (47.3 kB view details)

Uploaded Python 3

File details

Details for the file ptinjector-0.0.18.tar.gz.

File metadata

  • Download URL: ptinjector-0.0.18.tar.gz
  • Upload date:
  • Size: 40.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for ptinjector-0.0.18.tar.gz
Algorithm Hash digest
SHA256 21be9894b1873893c4543ac4521b3dde47a6001bc3e5e7fade9bd49f09f27102
MD5 9bd75205dfae1866cc620f3cd7bb5f2a
BLAKE2b-256 b2220f4266695483ad46bde4dbbe150a29e9fddd616b354ca6ec5f2d930fed15

See more details on using hashes here.

File details

Details for the file ptinjector-0.0.18-py3-none-any.whl.

File metadata

  • Download URL: ptinjector-0.0.18-py3-none-any.whl
  • Upload date:
  • Size: 47.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for ptinjector-0.0.18-py3-none-any.whl
Algorithm Hash digest
SHA256 069713daf837a09a66d4befb1bc1c99f4f2dcde18d5b141ef386319a827d91f5
MD5 2d567ceca06666dad426db906b194f4c
BLAKE2b-256 92abcd9260402da8dbe2815b5ab724ec3d3a16ce0007adf5b4d8b9c59ab062ef

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page