rezasarvani/BitSecurity-LFIFinder
Using This Powerfull Tool, You Can Automate Finding And Exploiting LFI Vulnerability
Python
Using This Powerfull Tool, You Can Automate Finding And Exploiting LFI Vulnerability
| BitSecurity LFI Vulnerabillity Test
| Writen By: Reza Sarvani
| JoinUS ==> BitSecurityTeam
First You Need To Clone The Repository:
>> git clone https://github.com/rezasarvani/BitSecurity-LFIFinder
Then Install Prerequisites:
python3 -m pip install requests
python3 -m pip install regex
python3 -m pip install requests[socks]
Get Ready To Use The Tool !
Use "python3 BitLFI.py -h" For Information About Configurations That You Can Make
Options:
* -h, --help: show this help message and exit
* -p PTYPE, --payloadtype=PTYPE:
Windows Payload (1) | Linux Payloads (2) | Both (3)
* -u TURL, --targeturl=TURL:
Target URL To Test For LFI Vulnerabillity
* -d DTIME, --delaytime=DTIME:
How Much Delay Between Request (In Seconds)
* -w WTIME, --wait=WTIME:
After How Much Successfull Exploit You Want To Be Asked Again For Continue
* -t TUSE, --tor=TUSE:
Use Tor For Requests: (Y/N)
* -a ATYPE, --attacktype=ATYPE:
Which Type Of Payload You Want To Test Againt Your Target:
1) Absolute Path Bypass
2) Non-Recursively Stripped
3) URL Encode
4) Double URL Encode
5) Null Byte Injection
6) Null Byte Injection + Extension Validation
7) Start Path Validation
8) Using 4096 Byte Bypass Payload
9) All Bypass Methods
Required Options Are: -u And -p
Delay Time: 3 (Seconds)
WaitTime: After Discovering 10 Successful Payload
Attack Type: 9 (All Bypass Methods)
Tor Usage: n (No)