Red Inject - Web Vulnerability Scanner v1.0.0

GitHub Repository

Red Inject

Red Inject is a lightweight, Python-based web vulnerability scanner designed to help security researchers and developers identify potential weaknesses in web applications. It specializes in detecting Cross-Site Scripting (XSS) and SQL Injection (SQLi) vulnerabilities within HTML forms, enabling users to quickly pinpoint and remediate security issues. The tool automatically crawls websites, extracts all HTML forms, and tests each input field with custom payloads and known injection patterns. With an easy-to-use interface and customizable payloads, Red Inject provides a fast and efficient way to strengthen web application security and improve overall resilience against common cyberattacks.

How does it work?

The script performs these steps:

  1. Initialize utilities (colors, banner, HTTP session).
  2. Crawl the target URL up to a configurable depth.
  3. On each page, extract HTML forms and test each form for XSS and SQLi using payload files.
  4. Collect and print found vulnerabilities.

Key components

Functionality

get_forms(url)
Fetches the page and returns all <form> elements. Handles network errors and returns an empty list on failure.
load_payloads(file_path)
Reads payloads from a file (one per line). If the file is missing, it prints an error and returns an empty list.
crawl(url, max_depth=2)
Depth-first crawler: stops when depth is 0 or URL already visited. On each page it:
  • Parses page HTML
  • Loads payload files
  • Runs XSS & SQLi tests on every form
  • Finds all <a href> links and recursively crawls them with max_depth - 1
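
The depth and visited-URL stop conditions described for crawl(), together with the form extraction described for get_forms(), sketched as an added example (this is not Red Inject's own code). The in-memory PAGES site, the PageParser class and the same-host check are assumptions made so the sketch runs offline and stays on the starting host; payload testing is left out.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample site, served from memory so the example runs offline.
PAGES = {
    "http://site.test/": '<a href="/login">Login</a> <a href="http://other.test/">ext</a>',
    "http://site.test/login": '<form action="/auth" method="post"><input name="user">'
                              '<input name="pw" type="password"></form>'
                              '<a href="/">home</a> <a href="/search">search</a>',
    "http://site.test/search": '<form action="/q"><input name="term"></form>',
}

class PageParser(HTMLParser):
    """Collects forms (action, method, input names) and link targets."""
    def __init__(self):
        super().__init__()
        self.forms, self.links, self.in_form = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
            self.forms.append({"action": a.get("action", ""),
                               "method": (a.get("method") or "get").lower(),
                               "inputs": []})
        elif tag in ("input", "textarea", "select") and self.in_form and a.get("name"):
            self.forms[-1]["inputs"].append(a["name"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

    def handle_endtag(self, tag):
        self.in_form = self.in_form and tag != "form"

def crawl(url, max_depth=2, visited=None, found=None):
    """Depth-first walk; stops at depth 0 or on an already visited URL."""
    visited = set() if visited is None else visited
    found = {} if found is None else found
    if max_depth == 0 or url in visited:
        return found
    visited.add(url)
    parser = PageParser()
    parser.feed(PAGES.get(url, ""))  # stand-in for the HTTP fetch
    if parser.forms:
        found[url] = parser.forms
    for href in parser.links:
        nxt = urljoin(url, href)  # resolve relative links against the current page
        # Assumption (not stated on the page): only follow links on the same host.
        if urlparse(nxt).netloc == urlparse(url).netloc:
            crawl(nxt, max_depth - 1, visited, found)
    return found
```

With max_depth=2 the walk from the root reaches /login but stops before /search; raising the depth to 3 picks up the search form as well, and the link back to the root is skipped because it is already in the visited set.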

Safety & limitations (important)

> This is for educational purposes only.