{"id":20827623,"url":"https://github.com/bonifield/requestinjector","last_synced_at":"2026-01-24T16:03:44.804Z","repository":{"id":57461318,"uuid":"397393453","full_name":"bonifield/RequestInjector","owner":"bonifield","description":"scan a URL using a given wordlist with optional URL transformations","archived":false,"fork":false,"pushed_at":"2021-09-21T20:59:05.000Z","size":48,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-21T06:56:30.251Z","etag":null,"topics":["bug-bounty","bug-hunting","pentest","pentesting","pentesting-tools","python","python3","webapp","wordlist"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bonifield.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-17T21:17:16.000Z","updated_at":"2025-05-18T10:11:07.000Z","dependencies_parsed_at":"2022-09-17T04:30:57.339Z","dependency_job_id":null,"html_url":"https://github.com/bonifield/RequestInjector","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bonifield/RequestInjector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bonifield%2FRequestInjector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bonifield%2FRequestInjector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bonifield%2FRequestInjector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bonifield%2FRequestInjector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bonifield","download_url":"https://codeload.github.com/bonifield/RequestInjector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bonifield%2FRequestInjector/sbom","scorecard":{"id":247618,"data":{"date":"2025-08-11","repo":{"name":"github.com/bonifield/RequestInjector","commit":"ec05331e5e7105c3d2a3fcc6629f587c1882d300"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Code-Review","score":0,"reason":"Found 0/9 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-17T07:54:02.400Z","repository_id":57461318,"created_at":"2025-08-17T07:54:02.401Z","updated_at":"2025-08-17T07:54:02.401Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28730749,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T10:24:43.181Z","status":"ssl_error","status_checked_at":"2026-01-24T10:24:36.112Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bug-hunting","pentest","pentesting","pentesting-tools","python","python3","webapp","wordlist"],"created_at":"2024-11-17T23:12:33.842Z","updated_at":"2026-01-24T16:03:44.756Z","avatar_url":"https://github.com/bonifield.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RequestInjector\nscan a URL using one or more given wordlists with optional URL transformations\n\n### What is RequestInjector?\nThis tool scans a single URL at a time, using wordlists to try various path combinations and key/value query pairs. RequestInjector is a single standalone script that can be kept in a tools folder until needed, or installed directly via pip and accessed directly from $PATH.\n- in `path` mode (`-m path`), try all words against a URL path, with optional mutations\n\t- given the URL \"http://example.com/somepath/a/b/c\", a wordlist to pull terms from, and -m/--mutate specified, worker threads will try each mutation of the URL and the current term (WORD):\n\t\t- \"http://example.com/WORD\", \"http://example.com/somepath/WORD\", \"http://example.com/somepath/a/WORD\", \"http://example.com/somepath/a/b/WORD\", \"http://example.com/somepath/a/b/c/WORD\"\n- in `arg` mode (`-m arg`), try all words against a specified set of keys\n\t- using the `shotgun` attacktype (`-T shotgun`), provide a single wordlist against one or more keys (similar to Burp Suite's Intruder modes Sniper and Battering Ram)\n\t- using the `trident` attacktype (`-T trident`), provide one wordlist per key, and terminate upon reaching either the end of the shortest wordlist (default) or the longest (`--longest --fillvalue VALUE`) (similar to Burp Suite's Intruder mode Pitchfork)\n- in `body` mode (`-m body`), use a template to submit dynamic body content to a given target, utilizing either the `shotgun` or `trident` attacktype (also supports URL-based modes above)\n\t- `body` is not yet implemented\n\n\n### Installation [GitHub](https://github.com/bonifield/RequestInjector) [PyPi](https://pypi.org/project/requestinjector/)\n```\npip install requestinjector\n# will become available directly from $PATH as either \"requestinjector\" or \"ri\"\n```\n\n### Usage (Command Line Tool or Standalone Script Somewhere in $PATH)\n```\nv0.9.4\nLast Updated: 2021-09-21\n\npath mode (-M path):\n\t# NOTE - although -w accepts a comma-separated list of wordlists as a string, only the first one will be used for this mode\n\t\trequestinjector -u \"http://example.com/somepath/a/b/c\" \\\n\t\t-M path \\\n\t\t-w \"/path/to/wordlist.txt\" \\\n\t\t-t 10 \\\n\t\t-r 2 \\\n\t\t-m \\\n\t\t-p '{\"http\": \"http://127.0.0.1:8080\", \"https\": \"https://127.0.0.1:8080\"}' \\\n\t\t-H '{\"Content-Type\": \"text/plain\"}' \\\n\t\t--color\n\narg mode (-M arg) using shotgun attacktype (-T shotgun):\n\t# NOTE - shotgun is similar to Burp Suite's sniper and battering ram modes; provide one or more keys, and a single wordlist\n\t# NOTE - although -w accepts a comma-separated list of wordlists as a string, only the first one will be used for this attacktype\n\t# NOTE - mutations (-m) not yet available for arg mode\n\t\trequestinjector -u \"http://example.com/somepath/a/b/c\" \\\n\t\t-M arg \\\n\t\t-T shotgun \\\n\t\t-K key1,key2,key3,key4 \\\n\t\t-w \"/path/to/wordlist.txt\" \\\n\t\t-S statickey1=staticval1,statickey2=staticval2 \\\n\t\t-t 10 \\\n\t\t-r 2 \\\n\t\t-p '{\"http\": \"http://127.0.0.1:8080\", \"https\": \"https://127.0.0.1:8080\"}' \\\n\t\t-H '{\"Content-Type\": \"text/plain\"}' \\\n\t\t--color\n\narg mode (-M arg) using trident attacktype (-T trident), and optional static arguments (-S):\n\t# NOTE - trident is similar to Burp Suite's pitchfork mode; for each key specified, provided a wordlist (-w WORDLIST1,WORDLIST2,etc); specify the same wordlist multiple times if using this attacktype and you want the same wordlist in multiple positions\n\t# NOTE - this type will run through to the end of the shortest provided wordlist; use --longest and --fillvalue VALUE to run through the longest provided wordlist instead\n\t# NOTE - mutations (-m) not yet available for arg mode\n\t\trequestinjector -u \"http://example.com/somepath/a/b/c\" \\\n\t\t-M arg \\\n\t\t-T trident \\\n\t\t-K key1,key2,key3,key4 \\\n\t\t-w /path/to/wordlist1.txt,/path/to/wordlist2.txt,/path/to/wordlist3.txt,/path/to/wordlist4.txt \\\n\t\t-S statickey1=staticval1,statickey2=staticval2 \\\n\t\t-t 10 \\\n\t\t-r 2 \\\n\t\t-p '{\"http\": \"http://127.0.0.1:8080\", \"https\": \"https://127.0.0.1:8080\"}' \\\n\t\t-H '{\"Content-Type\": \"text/plain\"}' \\\n\t\t--color\n\narg mode (-M arg) using trident attacktype (-T trident), optional static arguments (-S), and --longest and --fillvalue VALUE (itertools.zip_longest())\n\t# NOTE - trident is similar to Burp Suite's pitchfork mode; for each key specified, provided a wordlist (-w WORDLIST1,WORDLIST2,etc); specify the same wordlist multiple times if using this attacktype and you want the same wordlist in multiple positions\n\t# NOTE - --longest and --fillvalue VALUE will run through to the end of the longest provided wordlist, filling empty values with the provided fillvalue\n\t# NOTE - mutations (-m) not yet available for arg mode\n\t\trequestinjector -u \"http://example.com/somepath/a/b/c\" \\\n\t\t-M arg \\\n\t\t-T trident \\\n\t\t-K key1,key2,key3,key4 \\\n\t\t-w /path/to/wordlist1.txt,/path/to/wordlist2.txt,/path/to/wordlist3.txt,/path/to/wordlist4.txt \\\n\t\t-S statickey1=staticval1,statickey2=staticval2 \\\n\t\t--longest \\\n\t\t--fillvalue \"AAAA\" \\\n\t\t-t 10 \\\n\t\t-r 2 \\\n\t\t-p '{\"http\": \"http://127.0.0.1:8080\", \"https\": \"https://127.0.0.1:8080\"}' \\\n\t\t-H '{\"Content-Type\": \"text/plain\"}' \\\n\t\t--color\n\noutput modes: full (default), --simple_output (just status code and full url), --color (same as simple_output but the status code is colorized)\n\nadditional options:\n\t-d/--delay [FLOAT] = add a delay, per thread, as a float (default 0.0)\n\nor import as a module (from requestinjector import RequestInjector)\n```\n\n### Usage (Importable Module)\n```\nfrom requestinjector import RequestInjector\n\nproxy = {'http': 'http://127.0.0.1:8080', 'https': 'https://127.0.0.1:8080'}\nheaders = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0', 'Accept': 'text/html'}\nurl = \"http://example.com/somepath/a/b/c\"\nwordlist = [\"/path/to/wordlist.txt\"]\n\nx = RequestInjector(url=url, wordlist=wordlist, threads=10, mutate_path=True, headers=headers, proxy=proxy, retries=1, staticargs=\"\", injectkeys=\"\", longest=None, fillvalue=None, simple_output=True)\nx.run()\n```\n\n### Options (-h)\n```\nusage: requestinjector.py [-h] -u URL [-w WORDLIST] [-M MODE] [-H HEADERS]\n [-p PROXY] [-r RETRIES] [-t THREADS] [-d DELAY] [-m]\n [-T ATTACKTYPE] [--longest] [-F FILLVALUE]\n [-S STATICARGS] [-K INJECTKEYS] [--color]\n [--simple_output]\n\nRequestInjector: scan a URL using a given wordlist with optional URL\ntransformations\n\noptional arguments:\n -h, --help show this help message and exit\n\nrequired arguments:\n -u URL, --url URL provide a URL to check\n\ngeneral arguments:\n -w WORDLIST, --wordlist WORDLIST\n provide a wordlist (file) location, or multiple comma-\n separated files in a string, ex. -w\n /home/user/words1.txt or -w\n /home/user/words1.txt,/home/user/words2.txt, etc\n -M MODE, --mode MODE provide a mode (path|arg|body(NYI)) (default path)\n -H HEADERS, --headers HEADERS\n provide a dictionary of headers to include, with\n single-quotes wrapping the dictionary and double-\n quotes wrapping the keys and values, ex. '{\"Content-\n Type\": \"application/json\"}' (defaults to a Firefox\n User-Agent and Accept: text/html) *note default is set\n inside PathWorker class*\n -p PROXY, --proxy PROXY\n provide a dictionary of proxies to use, with single-\n quotes wrapping the dictionary and double-quotes\n wrapping the keys and values, ex. '{\"http\":\n \"http://127.0.0.1:8080\", \"https\":\n \"https://127.0.0.1:8080\"}'\n -r RETRIES, --retries RETRIES\n provide the number of times to retry a connection\n (default 1)\n -t THREADS, --threads THREADS\n provide the number of threads for making requests\n (default 10)\n -d DELAY, --delay DELAY\n provide a delay between requests, per thread, as a\n float (default 0.0); use fewer threads and longer\n delays if the goal is to be less noisy, although the\n amount of requests will remain the same\n -m, --mutate provide if mutations should be applied to the checked\n URL+word (currently only supports path mode, arg mode\n support nyi)\n\narg mode-specific arguments:\n -T ATTACKTYPE, --attacktype ATTACKTYPE\n provide an attack type (shotgun|trident); shotgun is\n similar to Burp Suite's sniper and battering ram\n modes, and trident is similar to pitchfork (default\n shotgun)\n --longest provide if you wish to fully exhaust the longest\n wordlist using the trident attacktype, and not stop\n when the end of shortest wordlist has been reached\n (zip() vis itertools.zip_longest()\n -F FILLVALUE, --fillvalue FILLVALUE\n provide a string to use in null values when using\n --longest with the trident attacktype (such as when\n using two wordlists of differing lengths; the\n fillvalue will be used when the shortest wordlist has\n finished, but terms are still being used from the\n longest wordlist)\n -S STATICARGS, --staticargs STATICARGS\n provide a string of static key=value pairs to include\n in each request, appended to the end of the query, as\n a comma-separated string, ex. key1=val1,key2=val2 etc\n -K INJECTKEYS, --injectkeys INJECTKEYS\n provide a string of keys to be used; using the shotgun\n attacktype, each key will receive values from only the\n first wordlist; using the trident attacktype, each key\n must have a specifc wordlist specified in the matching\n position with the -w WORDLIST option; ex. '-T trident\n -K user,account,sid -w\n userwords.txt,accountids.txt,sids.txt'\n\noutput arguments:\n --color provide if stdout should have colorized status codes\n (will force simple_output format)\n --simple_output provide for simplified output, just status code and\n URL, ex. 200 http://example.com\n```\n\n### Example Output\n```\n# Standard Format\n# Provided URL: http://example.com/somepath/exists\n# Note the IP and port reflect the proxy being used; without a proxy, this will reflect the external address being scanned\nstatus_code:404 bytes:12 word:contactus ip:127.0.0.1 port:8080 url:http://example.com/contactus\nstatus_code:404 bytes:12 word:contactus ip:127.0.0.1 port:8080 url:http://example.com/somepath/contactus\nstatus_code:200 bytes:411 word:contactus ip:127.0.0.1 port:8080 url:http://example.com/somepath/exists/contactus\nstatus_code:404 bytes:12 word:admin ip:127.0.0.1 port:8080 url:http://example.com/admin\nstatus_code:200 bytes:556 word:admin ip:127.0.0.1 port:8080 url:http://example.com/somepath/admin\nstatus_code:200 bytes:556 word:admin ip:127.0.0.1 port:8080 url:http://example.com/somepath/exists/admin\n\n# Simplified Format (simple_output)\n404 http://example.com/contactus\n404 http://example.com/somepath/contactus\n200 http://example.com/somepath/exists/contactus\n404 http://example.com/admin\n200 http://example.com/somepath/admin\n200 http://example.com/somepath/exists/admin\n```\n\n### TODO\n- preview mode\n- body mode, recursive grep, method select/switching\n- logfile dump for every execution\n- redirect history handling\n- body POST/PUT objects using a config\n- optional encodings and obfuscation of words/terms\n- better output handling to support response body content, headers sent/received, etc\n- move more logic out of Worker classes and into pre-processing/Filler and post-processing/Drainer classes\n- jitter, rotating user agents, arg mode mutations (duplicate keys, re-order, null bytes, etc)\n- \"real timeout\" (-R) to use with requests","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbonifield%2Frequestinjector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbonifield%2Frequestinjector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbonifield%2Frequestinjector/lists"}