icon Book Free Consultation

FDsploit

Image

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Demo

Lock image

Features

  • The LFI-shell interface provides only the output of the file readed or the command issued and not all the html code.
  • 3 different types of LFI-shells can be specified.
  • Both GET/POST requests are supported.
  • Automatic detection of GET parameters.
  • Certain parameters can be specified for testing using wildcards (*).
  • Optional session cookies can be specified and used.
  • Automatic check for RCE using PHP functions can be performed.
  • Additional use of sha-256 hash is used to identify the potential vulnerabilities.
  • base64/urlencoding support.

Requirements

Note: To install the requirements:
   $ pip install -r requirements.txt --upgrade --user