Red Inject is a lightweight, Python-based web vulnerability scanner designed to help security researchers and developers identify potential weaknesses in web applications. It specializes in detecting Cross-Site Scripting (XSS) and SQL Injection (SQLi) vulnerabilities within HTML forms, enabling users to quickly pinpoint and remediate security issues. The tool automatically crawls websites, extracts all HTML forms, and tests each input field with custom payloads and known injection patterns. With an easy-to-use interface and customizable payloads, Red Inject provides a fast and efficient way to strengthen web application security and improve overall resilience against common cyberattacks.
The script performs these steps:
- `requests.Session()` — reuses a session and headers for all requests.
- `BeautifulSoup` — parses HTML and extracts `<form>`, `<a>`, inputs, etc.
- `payloads/xss_pl.txt` and `payloads/sqli_pl.txt`.
- `visited` set — prevents revisiting the same URL during crawling.
- `<form>` elements. Handles network errors and returns an empty list on failure.
- `<a href>` links and recursively crawls them with `max_depth - 1`

> This is for educational purposes only.
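
The crawl described above (a `visited` set, recursion with `max_depth - 1`, an empty list on fetch failure), as an added example that is not Red Inject's own code. It uses the standard-library `HTMLParser` in place of BeautifulSoup and a constructed in-memory `SITE` in place of HTTP requests so it runs offline; the names `PageParser`, `fetch`, `crawl` and the same-host `scope` check are assumptions, and it only inventories forms without submitting anything.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed four-page site standing in for HTTP responses (not real data).
SITE = {
    "http://app.test/": '<a href="/login">in</a><a href="/search">s</a><a href="http://other.test/">x</a>',
    "http://app.test/login": '<form action="/session" method="post"><input name="user"><input name="pw"></form><a href="/">home</a>',
    "http://app.test/search": '<form action="results"><input name="q"><textarea name="note"></textarea></form><a href="/deep">d</a>',
    "http://app.test/deep": '<form action="/x"><input name="hidden"></form>',
}

class PageParser(HTMLParser):
    """Collects <a href> links and <form> definitions (with field names) from one page."""
    def __init__(self, base):
        super().__init__()
        self.base, self.links, self.forms, self.current = base, [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "form":
            self.current = {"page": self.base, "inputs": [],
                            "action": urljoin(self.base, a.get("action") or ""),
                            "method": (a.get("method") or "get").lower()}
            self.forms.append(self.current)
        elif tag in ("input", "textarea", "select") and self.current and a.get("name"):
            self.current["inputs"].append(a["name"])
    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None  # fields outside a form are not attributed to it

def fetch(url):
    # Stand-in for session.get(url).text; None models a network error.
    return SITE.get(url)

def crawl(url, max_depth, visited=None, scope=None):
    visited = set() if visited is None else visited
    scope = scope or urlparse(url).netloc  # assumption: stay on the starting host
    if max_depth < 0 or url in visited or urlparse(url).netloc != scope:
        return []
    visited.add(url)
    html = fetch(url)
    if html is None:
        return []  # fetch failed: empty list, as the page describes
    parser = PageParser(url)
    parser.feed(html)
    forms = list(parser.forms)
    for link in parser.links:
        forms += crawl(link, max_depth - 1, visited, scope)
    return forms
```

The depth bound and the `visited` set together guarantee termination even when pages link back to each other, as `/login` does to `/` in the sample.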