Local File Inclusion Vulnerability Scanner
Local File Inclusion is the website vulnerability and can gave attacker the ability to root the website server too.
Description
The Simple Local File Inclusion Vulnerability Scanner helps you to find LFI vulnerabilities. This is a python script which works as a LFI scanner.
Usage
./lfi_scanner.py –url=
Usage example
./lfi_scanner.py –url=”http://www.example.com/page.php?file=main”
Usage notes
- Always use http://….
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.
Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries to catch most errors with error handling.
- Contains a LFI vulnerability scanner.
- Finds out how a possible LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Supports common *nix targets, but no Windows systems.
Known issues
- This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones.
- Like most other LFI scanners, this tool here also has trouble with handling certain server responses.
Some notes
- Tested with Python 2.6.5.
- Modify, distribute, share and copy the code in any way you like!
- Please note that this tool was created for educational purposes only.
- Do not use this tool in an illegal way. Know and respect your local laws.
- Only use this tool for legal purposes, such as pentesting your own website
- I am not responsible if you cause any damage or break the law.
- Power to teh c0ws!
Download Here:
*****~~~~~~~~~~*****
Enjoyed the post? Like us on Facebook or follow us on Twitter
Support us Make a small PayPal Donation
DOWNLOAD OUR FREE TOOLBAR TO STAY UPDATED
Need Help or more info contact:
h3LLB0unD h@Ck3R
Would love to here from you...