# Inclusion Scanner
## Overview
The Inclusion Scanner is a Python tool designed to detect file inclusion vulnerabilities on web applications. By leveraging various payloads, the scanner attempts to access sensitive files and configurations that should not be publicly exposed. This tool can be helpful for security professionals and developers seeking to identify potential security flaws in their applications.
## Features
- **Supports Multiple Payloads**: Uses a predefined list of payloads to check for vulnerabilities.
- **Custom Payloads**: Users can specify their own payload files for tailored scans.
- **Real-Time Feedback**: The scanner can provide immediate feedback on vulnerabilities found during the scan.
## Installation
Ensure you have Python installed on your system. Then, install the required libraries using pip:
```bash
pip install inclusion
```
## Usage
### Command Line Interface
You can run the scanner from the command line using various options:
1. **Basic Usage with a URL**
This command will scan the specified URL using default payloads:
```bash
inclusion --url https://example.com/
```
2. **Using a Custom Payload File**
To scan using a custom payload file, specify the path to your file:
```bash
inclusion --url https://example.com/ --payload path/to/custom_payloads.txt
```
### Python Code Examples
1. **Basic Usage with Default Payloads**
This example demonstrates how to use the scanner in a Python script with default payloads:
```python
from inclusion import scan
url = "https://example.com/"
def print_vulnerability(test_url):
print(f"Inclusion vulnerability found: {test_url}")
vulnerabilities = scan(url, callback=print_vulnerability)
if not vulnerabilities:
print("No vulnerabilities found.")
```
2. **Using a Custom Payload File**
Here’s how to scan a URL using a custom payload file:
```python
from inclusion import scan
url = "https://example.com/"
payload_file = "path/to/custom_payloads.txt"
def print_vulnerability(test_url):
print(f"Inclusion vulnerability found: {test_url}")
vulnerabilities = scan(url, payload_file=payload_file, callback=print_vulnerability)
if not vulnerabilities:
print("No vulnerabilities found.")
```
## How It Works
The scanner constructs URLs by appending payloads to the base URL. It then sends HTTP requests to the constructed URLs and checks the responses for signs of file inclusion vulnerabilities, such as the presence of sensitive data.
### Important Notes
- **Use Responsibly**: Always obtain permission before scanning a web application. Unauthorized scanning may violate terms of service or laws.
- **Environment**: Ensure that your scanning environment is safe and secure, especially if you are testing against live applications.
## License
This project is licensed under the MIT License.
## Contribution
Contributions are welcome! If you have suggestions or improvements, feel free to open an issue or submit a pull request.
Raw data
{
"_id": null,
"home_page": "https://github.com/ByteBreach/inclusion",
"name": "inclusion",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": null,
"author": "MrFidal",
"author_email": "mrfidal@proton.me",
"download_url": "https://files.pythonhosted.org/packages/2f/83/d021342f9e26c7964f412debf9d67277f8713186e16815dfa32c12070ad5/inclusion-1.0.2.tar.gz",
"platform": null,
"description": "# Inclusion Scanner\r\n\r\n## Overview\r\n\r\nThe Inclusion Scanner is a Python tool designed to detect file inclusion vulnerabilities on web applications. By leveraging various payloads, the scanner attempts to access sensitive files and configurations that should not be publicly exposed. This tool can be helpful for security professionals and developers seeking to identify potential security flaws in their applications.\r\n\r\n## Features\r\n\r\n- **Supports Multiple Payloads**: Uses a predefined list of payloads to check for vulnerabilities.\r\n- **Custom Payloads**: Users can specify their own payload files for tailored scans.\r\n- **Real-Time Feedback**: The scanner can provide immediate feedback on vulnerabilities found during the scan.\r\n\r\n## Installation\r\n\r\nEnsure you have Python installed on your system. Then, install the required libraries using pip:\r\n\r\n```bash\r\npip install inclusion\r\n```\r\n\r\n## Usage\r\n\r\n### Command Line Interface\r\n\r\nYou can run the scanner from the command line using various options:\r\n\r\n1. **Basic Usage with a URL**\r\n\r\nThis command will scan the specified URL using default payloads:\r\n\r\n```bash\r\ninclusion --url https://example.com/\r\n```\r\n\r\n2. **Using a Custom Payload File**\r\n\r\nTo scan using a custom payload file, specify the path to your file:\r\n\r\n```bash\r\ninclusion --url https://example.com/ --payload path/to/custom_payloads.txt\r\n```\r\n\r\n### Python Code Examples\r\n\r\n1. **Basic Usage with Default Payloads**\r\n\r\nThis example demonstrates how to use the scanner in a Python script with default payloads:\r\n\r\n```python\r\nfrom inclusion import scan\r\n\r\nurl = \"https://example.com/\"\r\n\r\ndef print_vulnerability(test_url):\r\n print(f\"Inclusion vulnerability found: {test_url}\")\r\n\r\nvulnerabilities = scan(url, callback=print_vulnerability)\r\n\r\nif not vulnerabilities:\r\n print(\"No vulnerabilities found.\")\r\n```\r\n\r\n2. **Using a Custom Payload File**\r\n\r\nHere\u00e2\u20ac\u2122s how to scan a URL using a custom payload file:\r\n\r\n```python\r\nfrom inclusion import scan\r\n\r\nurl = \"https://example.com/\"\r\npayload_file = \"path/to/custom_payloads.txt\"\r\n\r\ndef print_vulnerability(test_url):\r\n print(f\"Inclusion vulnerability found: {test_url}\")\r\n\r\nvulnerabilities = scan(url, payload_file=payload_file, callback=print_vulnerability)\r\n\r\nif not vulnerabilities:\r\n print(\"No vulnerabilities found.\")\r\n```\r\n\r\n## How It Works\r\n\r\nThe scanner constructs URLs by appending payloads to the base URL. It then sends HTTP requests to the constructed URLs and checks the responses for signs of file inclusion vulnerabilities, such as the presence of sensitive data. \r\n\r\n### Important Notes\r\n\r\n- **Use Responsibly**: Always obtain permission before scanning a web application. Unauthorized scanning may violate terms of service or laws.\r\n- **Environment**: Ensure that your scanning environment is safe and secure, especially if you are testing against live applications.\r\n\r\n## License\r\n\r\nThis project is licensed under the MIT License.\r\n\r\n## Contribution\r\n\r\nContributions are welcome! If you have suggestions or improvements, feel free to open an issue or submit a pull request.\r\n",
"bugtrack_url": null,
"license": null,
"summary": "A tool to check for file inclusion vulnerabilities.",
"version": "1.0.2",
"project_urls": {
"Homepage": "https://github.com/ByteBreach/inclusion"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "ad0c9f9c45de144e7a9fbde23b37eb7f6ae4f75102e1010f7e5517c48780697e",
"md5": "3c10f6abfc6dc73f02b3d8fcddd53023",
"sha256": "f350223f21ab1713a5d7de89d25ea964ffc652f7f58d8b0cfe6a2414ac8145ff"
},
"downloads": -1,
"filename": "inclusion-1.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "3c10f6abfc6dc73f02b3d8fcddd53023",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 6414,
"upload_time": "2024-10-27T20:47:12",
"upload_time_iso_8601": "2024-10-27T20:47:12.517581Z",
"url": "https://files.pythonhosted.org/packages/ad/0c/9f9c45de144e7a9fbde23b37eb7f6ae4f75102e1010f7e5517c48780697e/inclusion-1.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "2f83d021342f9e26c7964f412debf9d67277f8713186e16815dfa32c12070ad5",
"md5": "5c3a9e182f4059b386e9afd5438f2e1a",
"sha256": "00db21180c1aaa82b40e79a180c26a2d64e3c692fa577ff1984a0e6fc29f2dd1"
},
"downloads": -1,
"filename": "inclusion-1.0.2.tar.gz",
"has_sig": false,
"md5_digest": "5c3a9e182f4059b386e9afd5438f2e1a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 5848,
"upload_time": "2024-10-27T20:47:14",
"upload_time_iso_8601": "2024-10-27T20:47:14.129271Z",
"url": "https://files.pythonhosted.org/packages/2f/83/d021342f9e26c7964f412debf9d67277f8713186e16815dfa32c12070ad5/inclusion-1.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-27 20:47:14",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ByteBreach",
"github_project": "inclusion",
"github_not_found": true,
"lcname": "inclusion"
}
JSON
