BugInjectX


| Field | Value |
| --- | --- |
| Name | BugInjectX |
| Version | 0.2.0 |
| home_page | https://github.com/greynodesecurity/BugInjectX |
| Summary | Automated vulnerability scanner for SQL Injection (SQLi), SSRF, and XSS. |
| upload_time | 2025-02-19 21:37:47 |
| maintainer | None |
| docs_url | None |
| author | Z3r0 S3c |
| requires_python | >=3 |
| license | MIT |
| keywords | security, bug bounty, pentesting, sqli, ssrf, xss, infosec, hacking, penetration testing, web security, vulnerability scanning, ethical hacking, bug bounty automation, cybersecurity |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

# BugInjectX

**BugInjectX** is a powerful, Python-based tool designed for automated vulnerability discovery, focusing on **SQL Injection (SQLi)**, **Cross-Site Scripting (XSS)**, and **Server-Side Request Forgery (SSRF)** attacks. It leverages dictionary-based payload injections to identify vulnerabilities in web applications by testing URL and header parameters for potential exploits.

## Features

- **Automated Vulnerability Testing**: Detects SQLi, XSS, and SSRF vulnerabilities.
- **Dictionary-based Payload Injection**: Uses extensive, custom dictionaries for payloads.
- **Color-coded Output**: Easy-to-read, color-coded feedback in the terminal.
- **Custom Headers**: Inject custom headers like `X-BUG-HUNTER-ID` for enhanced anonymity.
- **Async Operations**: Utilizes `asyncio` and `aiohttp` for high-speed, efficient attacks.
- **Cross-Platform**: Works on any system with Python 3+ installed.

## Why BugInjectX?

BugInjectX is designed for bug hunters, penetration testers, and security researchers who need an efficient and streamlined method to automate vulnerability testing. With built-in support for common vulnerability classes such as SQLi, XSS, and SSRF, BugInjectX is your go-to tool for comprehensive web application testing.

### Supported Vulnerabilities
- **SQL Injection (SQLi)**: Tests for SQLi flaws in URL and header parameters.
- **Cross-Site Scripting (XSS)**: Identifies XSS vulnerabilities via payload injection.
- **Server-Side Request Forgery (SSRF)**: Tests for SSRF vulnerabilities by injecting payloads that manipulate server-side requests.

## Installation

To install **BugInjectX**, simply run:

```bash
pip install buginjectx
```

Alternatively, you can install from source:

1. Clone the Repository:
```bash
git clone https://github.com/GreyNodeSecurity/BugInjectX
```
2. Navigate to the project directory:
```bash
cd BugInjectX
```
3. Install the dependencies:
```bash
pip install -r requirements.txt
```
_If you are using an OS such as Kali, or you get the following error:_
```text
error: externally-managed-environment

× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
    python3-xyz, where xyz is the package you are trying to
    install.
    
    If you wish to install a non-Kali-packaged Python package,
    create a virtual environment using python3 -m venv path/to/venv.
    Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
    sure you have pypy3-venv installed.
    
    If you wish to install a non-Kali-packaged Python application,
    it may be easiest to use pipx install xyz, which will manage a
    virtual environment for you. Make sure you have pipx installed.
    
    For more information, refer to the following:
    * https://www.kali.org/docs/general-use/python3-external-packages/
    * /usr/share/doc/python3.12/README.venv

note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
```
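_In that case, create a virtual environment and install the dependencies inside it (`pipx install` takes a package name and has no `-r` option):_
```bash
# Create and activate an isolated environment, then install into it
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```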
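
An added example (not part of the BugInjectX project): checking a downloaded release file against the sha256 digest the package index publishes for it before installing. The metadata and file bytes are constructed stand-ins that follow the `urls` layout of the index JSON record for this package, and the function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed stand-ins: the "urls" layout mirrors the index JSON record,
# but the sha256 below belongs to SAMPLE_BYTES, not to the real archive.
SAMPLE_BYTES = b"constructed sdist bytes, not the real archive"
SAMPLE_METADATA = json.dumps({
    "urls": [{
        "filename": "buginjectx-0.2.0.tar.gz",
        "packagetype": "sdist",
        "yanked": False,
        "digests": {"sha256": hashlib.sha256(SAMPLE_BYTES).hexdigest()},
    }]
})


def expected_sha256(metadata_json, filename):
    """Return the published sha256 for `filename`, refusing yanked files."""
    for entry in json.loads(metadata_json).get("urls", []):
        if entry.get("filename") == filename:
            if entry.get("yanked"):
                raise ValueError(f"{filename} has been yanked")
            return entry["digests"]["sha256"].lower()
    raise KeyError(f"{filename} is not listed in the metadata")


def sha256_of(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large archives are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(stream, metadata_json, filename):
    """True only if the stream's digest equals the published one."""
    want = expected_sha256(metadata_json, filename)
    return hmac.compare_digest(sha256_of(stream), want)


if __name__ == "__main__":
    import io
    ok = verify_artifact(io.BytesIO(SAMPLE_BYTES), SAMPLE_METADATA,
                         "buginjectx-0.2.0.tar.gz")
    print("digest matches" if ok else "digest mismatch: do not install")
```

pip makes the same comparison at install time when a requirements file pins the release with `--hash=sha256:<digest>` and is installed with `--require-hashes`. A matching digest shows the file is the one the index lists, not who wrote it.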

## Quick Start
Once installed, BugInjectX can be run with the following command:
```bash
python3 main.py
```

### Sample Usage
1. Run BugInjectX against a custom target:
```bash
python3 main.py --target https://target.com --header "X-BUG-HUNTER-ID: Z3r0-S3c"
```
2. Test with Custom Payload Dictionaries:
```bash
python3 main.py --target https://target.com --sql-payloads /path/to/sql_payloads.txt --xss-payloads /path/to/xss_payloads.txt --ssrf-payloads /path/to/ssrf_payloads.txt
```

## Configuration
**BugInjectX** lets you supply custom payload dictionaries for each vulnerability type (SQLi, XSS, SSRF). Specify the location of these dictionaries with command-line arguments:  
* `--sql-payloads`: Path to the SQLi Payloads File.  
* `--xss-payloads`: Path to the XSS Payloads File.  
* `--ssrf-payloads`: Path to the SSRF Payloads File.  
* `--header`: Optional custom header for your requests (e.g., `X-BUG-HUNTER-ID`).  
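
From the defending side, requests sent with `--header` can be attributed by that header once the server logs it. An added example (not BugInjectX code) that flags SQLi, XSS and SSRF indicators in decoded query parameters and separates requests carrying `X-BUG-HUNTER-ID` from untagged ones; the log format, sample lines and indicator patterns are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed log lines. Assumed format: client IP, quoted request line,
# status, then the X-BUG-HUNTER-ID request header ("-" when absent).
SAMPLE_LOG = [
    '198.51.100.7 "GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 "Z3r0-S3c"',
    '198.51.100.7 "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 "Z3r0-S3c"',
    '203.0.113.9 "GET /fetch?url=http://169.254.169.254/latest/ HTTP/1.1" 200 "-"',
    '192.0.2.44 "GET /item?id=42 HTTP/1.1" 200 "-"',
]

LINE = re.compile(r'^(\S+) "\S+ (\S+) [^"]*" (\d{3}) "([^"]*)"$')

# Coarse per-class indicators, illustrative rather than a full signature set.
INDICATORS = {
    "sqli": re.compile(r"""['"]\s*(or|and)\s|union\s+select""", re.I),
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
    "ssrf": re.compile(r"^\w+://(127\.|169\.254\.|localhost|\[::1\])", re.I),
}


def probe_classes(target):
    """Classes whose indicators appear in any decoded query parameter."""
    found = set()
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        found.update(c for c, pat in INDICATORS.items() if pat.search(value))
    return sorted(found)


def triage(lines):
    """Split probe traffic into tagged (declared tester) and untagged."""
    report = {"tagged": [], "untagged": []}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        ip, target, _status, tag = m.groups()
        classes = probe_classes(target)
        if classes:
            # The header is client-supplied: use it to attribute, never to allow-list.
            bucket = "untagged" if tag in ("", "-") else "tagged"
            report[bucket].append((ip, tag, classes))
    return report


if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_LOG).items():
        print(bucket, rows)
```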
  
## Contributing
We welcome contributions! If you’d like to contribute to BugInjectX, please fork the repository, create a new branch, and submit a pull request. We are particularly looking for:

Improvements to existing features:
* Bug fixes
* Additional payload dictionaries for new vulnerabilities

## Contact
* **Name:** _Z3r0 S3c_  
* **Email:** _z3r0s3c@greynodesecurity.com_
* **Twitter:** _@Z3r0_S3c_
* **Company:** _Grey Node Security_
* **Web:** _https://greynodesecurity.com_


            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/greynodesecurity/BugInjectX",
    "name": "BugInjectX",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3",
    "maintainer_email": null,
    "keywords": "security, bug bounty, pentesting, SQLi, SSRF, XSS, infosec, hacking, penetration testing, web security, vulnerability scanning, ethical hacking, bug bounty automation, cybersecurity",
    "author": "Z3r0 S3c",
    "author_email": "z3r0s3c@greynodesecurity.com",
    "download_url": "https://files.pythonhosted.org/packages/a9/6d/2739efcc932d732e67d93b25af4422f43482543064d38ebc5ed3b517feab/buginjectx-0.2.0.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "Automated vulnerability scanner for SQL Injection (SQLi), SSRF, and XSS.",
    "version": "0.2.0",
    "project_urls": {
        "Bug Tracker": "https://github.com/greynodesecurity/BugInjectX/issues",
        "Documentation": "https://github.com/greynodesecurity/BugInjectX/wiki",
        "Homepage": "https://github.com/greynodesecurity/BugInjectX",
        "Source Code": "https://github.com/greynodesecurity/BugInjectX"
    },
    "split_keywords": [
        "security",
        " bug bounty",
        " pentesting",
        " sqli",
        " ssrf",
        " xss",
        " infosec",
        " hacking",
        " penetration testing",
        " web security",
        " vulnerability scanning",
        " ethical hacking",
        " bug bounty automation",
        " cybersecurity"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "55db844717392edb1f63b07beab1363d3ca7a3afe99285e5783a98f30c8a0ba6",
                "md5": "43293fba7d21ca4ada0296ec6b101c8d",
                "sha256": "839b8c8f4268705dc68c267fb2ca1fd1ce3cde0ccf3d02344e75b989e591d1c6"
            },
            "downloads": -1,
            "filename": "BugInjectX-0.2.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "43293fba7d21ca4ada0296ec6b101c8d",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3",
            "size": 9021,
            "upload_time": "2025-02-19T21:37:46",
            "upload_time_iso_8601": "2025-02-19T21:37:46.476709Z",
            "url": "https://files.pythonhosted.org/packages/55/db/844717392edb1f63b07beab1363d3ca7a3afe99285e5783a98f30c8a0ba6/BugInjectX-0.2.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "a96d2739efcc932d732e67d93b25af4422f43482543064d38ebc5ed3b517feab",
                "md5": "adc8772c16573cb1659651641a7bcd91",
                "sha256": "8b5f9e180fc8a407711042b2f367a49ba626e68403a0613702de0f1f28a84bf3"
            },
            "downloads": -1,
            "filename": "buginjectx-0.2.0.tar.gz",
            "has_sig": false,
            "md5_digest": "adc8772c16573cb1659651641a7bcd91",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3",
            "size": 8602,
            "upload_time": "2025-02-19T21:37:47",
            "upload_time_iso_8601": "2025-02-19T21:37:47.407950Z",
            "url": "https://files.pythonhosted.org/packages/a9/6d/2739efcc932d732e67d93b25af4422f43482543064d38ebc5ed3b517feab/buginjectx-0.2.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-02-19 21:37:47",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "greynodesecurity",
    "github_project": "BugInjectX",
    "github_not_found": true,
    "lcname": "buginjectx"
}
        