LFI Suite is a totally automatic tool

 [+] LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features.

[+] Features

- Works with Windows, Linux and OS X

- Automatic Configuration

- Automatic Update

- Provides 8 different Local File Inclusion attack modalities:

         >/proc/self/environ

         >php://filter

         >php://input

         >/proc/self/fd

         >access log

         >phpinfo

         >data://

         >expect://

- Provides a ninth modality, called Auto-Hack, which scans      and exploits the target automatically by trying all the attacks   one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).

- Tor proxy support

- Reverse Shell for Windows, Linux and OS X

[+] How to use it?

Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

[-] Reverse Shell

When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port").

[+] Dependencies

- Python 2.7.x

- Python extra modules: termcolor, requests

- socks.py

Download :https://github.com/D35m0nd142/LFISuite

Bagikan Artikel ini