A small and fast bash script for automatic LFI vulnerability detection.

halitAKAYDIN/LfiScan

Description

A simple script that tests for LFI (Local File Inclusion) using curl.

Requirements:

curl

Installation:

1. git clone https://github.com/halitAKAYDIN/LfiScan.git
2. cd LfiScan
3. chmod +x lfiscan.sh

Usage:

bash ./lfiscan.sh -h

bash ./lfiscan.sh -u "http://example.com/index.php?page=" 

bash ./lfiscan.sh -u "http://example.com/index.php?page=" -c "PHPSESSID=;" -w wordlist.txt

bash ./lfiscan.sh -u "http://example.com/index.php?page=" -c "PHPSESSID=;" -w wordlist.txt -t 5

Testing:

bash ./lfiscan.sh -u "http://spacesec/dvwa/vulnerabilities/fi/?page=" -c "PHPSESSID=0lkh0q867sv9sv8n7156a06i9e; security=low" -w linux.txt -t 3

███████ ██████   █████   ██████ ███████ ███████ ███████  ██████ 
██      ██   ██ ██   ██ ██      ██      ██      ██      ██      
███████ ██████  ███████ ██      █████   ███████ █████   ██      
     ██ ██      ██   ██ ██      ██           ██ ██      ██      
███████ ██      ██   ██  ██████ ███████ ███████ ███████  ██████
linktr.ee/hltakydn                            coded by hLtAkydn
                                                  Version: v0.6

# Attacking targets without mutual consent is illegal! ########

===================Local File Inclusion Scanner=================

[*] [HST] spacesec code: 200
[*] [RPT] Report Path: /tmp/lfiscan/spacesec

[/] [SCN] Scan in Progress (45/2310)
[!] [LFI] http://spacesec/dvwa/vulnerabilities/fi/?page=/../etc/apache2/apache2.conf

[?] Continue Scanning? [Y/n] 
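
What a run like the one above looks like from the server side, as an added example that is not part of LfiScan: the scanner sends one request per wordlist entry to the same parameter, so a single client produces many distinct traversal-style values in a short time. The log format (Apache-style), the sample lines (constructed), and the names `scan`, `fully_decode` and `min_distinct` are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache-style access-log lines (not captured from a real host).
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2022:20:38:10 +0000] "GET /dvwa/vulnerabilities/fi/?page=include.php HTTP/1.1" 200 4100
10.0.0.9 - - [12/May/2022:20:38:11 +0000] "GET /dvwa/vulnerabilities/fi/?page=/../etc/passwd HTTP/1.1" 200 5300
10.0.0.9 - - [12/May/2022:20:38:11 +0000] "GET /dvwa/vulnerabilities/fi/?page=..%2f..%2fetc%2fhosts HTTP/1.1" 200 4200
10.0.0.9 - - [12/May/2022:20:38:12 +0000] "GET /dvwa/vulnerabilities/fi/?page=%252e%252e%252fproc%252fself%252fenviron HTTP/1.1" 404 310
10.0.0.9 - - [12/May/2022:20:38:12 +0000] "GET /dvwa/vulnerabilities/fi/?page=/../etc/apache2/apache2.conf HTTP/1.1" 200 9800
10.0.0.7 - - [12/May/2022:20:38:13 +0000] "GET /docs/?page=../intro.php HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})\b')
# A ".." path segment, or an absolute path into a system directory.
SUSPICIOUS = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)|^/(?:etc|proc|var/log)/')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text, min_distinct=3):
    """Return {client_ip: {"paths", "served"}} for clients probing >= min_distinct paths."""
    probes = defaultdict(lambda: {"paths": set(), "served": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        # parse_qsl decodes once; fully_decode handles further encoding layers.
        for _, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                probes[ip]["paths"].add(value)
                if status == "200":  # 200 is not proof of inclusion: review these
                    probes[ip]["served"].append(value)
    return {ip: p for ip, p in probes.items() if len(p["paths"]) >= min_distinct}


if __name__ == "__main__":
    for ip, report in scan(SAMPLE_LOG).items():
        print(ip, len(report["paths"]), "probe paths; answered 200:", report["served"])
```

The single `../intro.php` request from 10.0.0.7 stays below the threshold, which keeps one-off relative links from being reported as a scan.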

Disclaimer:

This tool is for educational purposes only.
We are not responsible for any illegal usage of this tool.
