File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Features
- The LFI-shell interface shows only the output of the file read or the command issued, not the full HTML of the response.
- 3 different types of LFI-shells can be specified.
- Both GET/POST requests are supported.
- Automatic detection of GET parameters.
- Certain parameters can be specified for testing using wildcards (*).
- Optional session cookies can be specified and used.
- Automatic check for RCE using PHP functions can be performed.
- SHA-256 hashes are additionally used to identify potential vulnerabilities.
- Base64/URL-encoding support.
Requirements
Note: To install the requirements:
$ pip install -r requirements.txt --upgrade --user