File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.


  • The LFI-shell interface shows only the contents of the file read or the output of the command issued, not the full HTML of the response.
  • 3 different types of LFI-shells can be specified.
  • Both GET/POST requests are supported.
  • Automatic detection of GET parameters.
  • Certain parameters can be specified for testing using wildcards (*).
  • Optional session cookies can be specified and used.
  • Automatic check for RCE using PHP functions can be performed.
  • SHA-256 hashes are additionally used to identify potential vulnerabilities.
  • Base64 and URL encoding support.


Note: To install the requirements:
   $ pip install -r requirements.txt --upgrade --user