/LFI_autoexploiter

Automatic exploitation of an LFI web vulnerability. It is capable of using base64 extraction, null byte bypass and URL encoding bypass

Primary LanguagePythonMIT LicenseMIT

LFI_autoexploiter

Automatic exploitation of an LFI web vulnerability.

Install

As simple as: git clone https://github.com/Moluma/LFI_autoexploiter

Usage

usage: lfi_extractor.py [-h] [-url URL] [-path_list PATH_LIST] [--b64 B64] [--url_enc URL_ENC] [--null NULL] [--output OUTPUT] [--static STATIC] [--dynamic DYNAMIC]

optional arguments:

-h, --help show this help message and exit

-url URL Example: http://example.com/script.php?=

-path_list PATH_LIST Path to LFI files to extract. Not needed in scan mode

--b64 B64 Uses php base64 extraction if given a 1

--url_enc URL_ENC Uses url encoding if given a 1

--null NULL Adds a null byte if given a 1

--output OUTPUT Path to export the report

--static STATIC Uses the value provided as static time (seconds) between requests

--dynamic DYNAMIC Uses the interval (e: 1-4) provided as dynamic random time (seconds) between requests