lfimap - This script is used to get the most out of a local file inclusion (LFI) vulnerability in a web server
- Find LFI vulnerabilities in each parameter automatically
- Find the root of the file system automatically
- Find default files on the server in Linux and Windows
- Find passwords in config files
- Support basic authentication
- Send null bytes to bypass some controls
- Write a report of the scan
- Support proxy
- Detect the OS and send only the tests that match the detected OS
- Hex encoding support
- Output in HTML format
Download -
This package includes the script and a database of default files.
In this version you can set the reply to expect when you request a nonexistent file.
This feature is useful when the server has a custom error reply.
Download other versions -
Examples:
Without proxy:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -o report.html
With proxy:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -w http://proxy:80 -o report.html
Hex encoding:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -x
Sending null byte:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -n
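Detection side: the request features named in the list above (null bytes, hex encoding) and directory traversal leave recognizable traces in web access logs. The following is an added example, not part of lfimap or the original page; the log lines are constructed, and the indicator names and function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines for the lfi.php example URL (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /lfi.php?page=home.txt&module=home HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /lfi.php?page=../../../../etc/passwd&module=home HTTP/1.1" 200 1480',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /lfi.php?page=..%2f..%2f..%2fetc%2fpasswd%00&module=home HTTP/1.1" 200 1480',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /lfi.php?page=%2e%2e%5c%2e%2e%5cboot.ini&module=home HTTP/1.1" 404 210',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
# Percent-encoded letters, digits or dots: normal clients send these unencoded.
ENCODED_UNRESERVED = re.compile(r"%(?:2e|3[0-9]|[46][1-9a-f]|[57][0-9a])", re.I)
# A ".." path segment delimited by / or \ (or by the ends of the value).
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are unwrapped too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(raw_value):
    """Return the LFI-probe indicators found in one raw parameter value."""
    findings = []
    if ENCODED_UNRESERVED.search(raw_value):
        findings.append("hex-encoded")
    decoded = fully_decode(raw_value)
    if "\x00" in decoded:
        findings.append("null-byte")
    if TRAVERSAL.search(decoded):
        findings.append("traversal")
    return findings

def scan(lines):
    """Return (line number, parameter, indicators) for each suspicious parameter."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        for pair in urlsplit(match.group(1)).query.split("&"):
            name, _, raw = pair.partition("=")
            findings = classify(raw)
            if findings:
                hits.append((number, name, findings))
    return hits
```

Checking the raw value for encoded letters before decoding matters: once decoded, a hex-encoded benign value is indistinguishable from a normal one.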
There is a good article about this tool on this site:
http://www.aldeid.com/index.php/Lfimap
Mail to aepereyra (at) gmail dot com