InjectSuite is a security scanning tool designed to detect common injection vulnerabilities in web applications. Built with a focus on ethical hacking and educational purposes, it provides a powerful yet user-friendly CLI interface for security researchers and developers to test their applications against SQL Injection, Cross-Site Scripting (XSS), and Command Injection.
- SQL Injection Scanner: Detects multiple SQL injection vulnerabilities.
- XSS Scanner: Identifies Reflected XSS using an extensive payload library.
- Command Injection (CMDi) Scanner: Probes for OS command injection vulnerabilities.
- Rich CLI Interface: Progress bars, hacker-style animations, and formatted tables.
- Modular Architecture: Easy to extend with new scanning modules.
InjectSuite can be launched using the following commands depending on your operating system:
Open your terminal and run:
python3 injectsuite.py
Open PowerShell or Command Prompt and run:
python injectsuite.py
# OR
py injectsuite.py
Follow the interactive menu to select the scanning module you wish to use. You will be prompted to enter the target URL and other necessary configurations.
InjectSuite is cross-platform and can be installed on Windows, Linux, and macOS.
Linux:
- Update system and install Python:
  sudo apt update && sudo apt install python3 python3-pip git -y
- Clone and Install:
  git clone https://github.com/R-Santhoshkumar/injectsuite-cli.git
  cd injectsuite-cli
  pip3 install -r requirements.txt
macOS:
- Install Homebrew (if not installed):
  /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Install Python and Clone:
  brew install python git
  git clone https://github.com/R-Santhoshkumar/injectsuite-cli.git
  cd injectsuite-cli
  pip3 install -r requirements.txt
Windows:
- Install Python: Download and install the latest version from python.org. Ensure "Add Python to PATH" is checked during installation.
- Clone and Install: Open PowerShell or Command Prompt:
  git clone https://github.com/R-Santhoshkumar/injectsuite-cli.git
  cd injectsuite-cli
  pip install -r requirements.txt
To ensure accuracy and safety, InjectSuite was tested against industry-standard vulnerable applications. Testing was conducted exclusively in authorized, local, and controlled environments.
For safe and ethical testing, it is highly recommended to use Docker to host your own vulnerable instances:
docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 bkimminich/juice-shop
docker pull vulnerables/web-dvwa
docker run --rm -p 80:80 vulnerables/web-dvwa
InjectSuite successfully identified vulnerabilities in these platforms, proving its effectiveness in detecting real-world security flaws in a controlled setting.
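The docker run commands above publish ports in the `-p 3000:3000` form, which binds them on every host interface rather than only loopback. As an added example (not part of InjectSuite), this shell function reads `docker ps` output and lists lab containers that are reachable from beyond the local machine; the `|`-separated format string and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not InjectSuite code): list lab containers whose published
# ports are bound to more than the loopback interface.

# Images named on this page; extend as needed.
LAB_IMAGES="bkimminich/juice-shop vulnerables/web-dvwa"

# Constructed sample of: docker ps --format '{{.Image}}|{{.Ports}}'
SAMPLE='bkimminich/juice-shop|0.0.0.0:3000->3000/tcp, [::]:3000->3000/tcp
vulnerables/web-dvwa:latest|127.0.0.1:8080->80/tcp
nginx|0.0.0.0:443->443/tcp
vulnerables/web-dvwa|80/tcp'

# Reads "image|ports" lines on stdin and prints "image binding" for every
# published port of a lab image that is not bound to 127.0.0.1 or ::1.
find_exposed() {
  awk -F '|' -v labs="$LAB_IMAGES" '
    BEGIN { n = split(labs, a, " "); for (i = 1; i <= n; i++) lab[a[i]] = 1 }
    {
      img = $1
      sub(":[^:/]*$", "", img)             # drop a trailing :tag
      if (!(img in lab)) next              # only the lab images matter here
      m = split($2, p, ", ")
      for (j = 1; j <= m; j++) {
        if (p[j] !~ /->/) continue         # exposed in the image, not published
        host = p[j]
        sub(/:[0-9-]+->.*$/, "", host)     # keep the host-side address
        if (host == "127.0.0.1" || host == "[::1]" || host == "::1") continue
        print img " " p[j]
      }
    }'
}

# Against the sample:   printf '%s\n' "$SAMPLE" | find_exposed
# Against live Docker:  docker ps --format '{{.Image}}|{{.Ports}}' | find_exposed
```

Restarting a flagged container with the port published as `-p 127.0.0.1:3000:3000` keeps it reachable only from the host itself.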
We welcome contributions from the cybersecurity community! Whether it's adding new scanning modules, improving the UI, or fixing bugs, your help is appreciated.
- Fork the repository.
- Create a new feature branch (git checkout -b feature/YourFeature).
- Commit your changes (git commit -m 'Add some feature').
- Push to the branch (git push origin feature/YourFeature).
- Open a Pull Request.
For substantial updates, we kindly suggest opening an issue first to discuss your ideas. This helps us coordinate efforts and ensures a smooth integration process for everyone.
Santhoshkumar R
Security Enthusiast & Developer
LinkedIn | GitHub
IMPORTANT: READ CAREFULLY
InjectSuite is intended for educational and authorized security testing only.
- DO NOT use this tool against live, unauthorized, or production websites.
- AUTHORIZATION REQUIRED: You must have explicit written permission from the owner of the target system before performing any security scans.
- LEGAL COMPLIANCE: Unauthorized access to computer systems is illegal. The author is not responsible for any misuse, damage, or legal consequences resulting from the use of this tool.
- SAFE TESTING: Always use local testing platforms like the Docker images provided above.
This project is licensed under the GNU General Public License v3.0. See the LICENSE file for details.








