Totally Automatic LFI Exploiter & Scanner: LFISuite
TTS
LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack.
Features
- Works with Windows, Linux and OS X
- Automatic Configuration
- Automatic Update
- Provides 8 different Local File Inclusion attack modalities:
- /proc/self/environ
- php://filter
- php://input
- /proc/self/fd
- access log
- phpinfo
- data://
- expect://
- Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don’t have you can find in this project directory in two versions, small and huge).
- Tor proxy support
- Reverse Shell for Windows, Linux and OS X
[adsense size='1' ]
How to use it?
Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.
Reverse Shell
When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command “reverseshell” (obviously you must put your system listening for the reverse connection, for instance using “nc -lvp port”).
Dependencies
- Python 2.7.x
- Python extra modules: termcolor, requests
- socks.py
https://github.com/D35m0nd142/LFISuite
Gloss