Professional-grade web vulnerability scanner with async engine, CVE/NVD lookup, and WAF evasion. Built by 0xJBsec.
- Async crawler (aiohttp + TCPConnector pool)
- SQL Injection: error-based, boolean-blind, time-based
- XSS: reflected detection with context awareness
- Command Injection: output-based + time-based
- Directory Traversal: Unix + Windows + encoded
- Open Redirect: 30+ parameter names tested
- Security Header audit + CSP quality check
- Directory fuzzing: 160+ path wordlist
- CVE lookup: NVD API v2 + CIRCL + ExploitDB
- WAF detection + 5-technique evasion engine
- JSON + human-readable reports
```bash git clone https://github.com/0xJBsec/RedTrace.git cd RedTrace pip3 install -r requirements.txt chmod +x install.sh && ./install.sh ```
```bash redtrace http://target.com redtrace http://target.com --cve-lookup redtrace http://target.com --checks sqli xss --intensity high redtrace http://target.com --cookie "session=abc123" redtrace http://target.com -o report.json ```
For authorised security research, CTFs, and penetration testing only.