Channel: Exploits – Ascii for Breakfast
Simple Local File Inclusion Vulnerability Scanner version 1.0 released

Today I am releasing my Simple Local File Inclusion Vulnerability Scanner 1.0 (29th December 2010).
[Download]

Description
The Simple Local File Inclusion Vulnerability Scanner helps you to find LFI vulnerabilities.

Usage
./lfi_scanner.py --url=

Usage example
./lfi_scanner.py --url="http://www.example.com/page.php?file=main"

Usage notes
– Always use http://….
– This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
– If you only have an SEO URL, try to find out the real URL, which contains parameters.

Feature list
– Provides a random user agent for the connection.
– Checks if a connection to the target can be established.
– Tries to catch most errors with error handling.
– Contains an LFI vulnerability scanner.
– Finds out how a possible LFI vulnerability can be exploited (e.g. directory depth).
– Supports null bytes!
– Supports common *nix targets, but no Windows systems.
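
A defender's view of the features above, as an added example that is not part of the original post or the scanner's code: probing directory depth and appending null bytes leaves a recognisable pattern in the web server's access log, and because the user agent is randomised the check keys on client address, path and parameter instead. The log lines, the function names and the `min_depths` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [29/Dec/2010:10:00:01 +0000] "GET /page.php?file=main HTTP/1.1" 200 512 "-" "UA-1"
203.0.113.7 - - [29/Dec/2010:10:00:02 +0000] "GET /page.php?file=../etc/passwd HTTP/1.1" 200 97 "-" "UA-2"
203.0.113.7 - - [29/Dec/2010:10:00:03 +0000] "GET /page.php?file=../../etc/passwd HTTP/1.1" 200 97 "-" "UA-3"
203.0.113.7 - - [29/Dec/2010:10:00:04 +0000] "GET /page.php?file=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 200 97 "-" "UA-4"
203.0.113.7 - - [29/Dec/2010:10:00:05 +0000] "GET /page.php?file=../../../etc/passwd%00 HTTP/1.1" 200 97 "-" "UA-5"
198.51.100.20 - - [29/Dec/2010:10:01:00 +0000] "GET /page.php?file=news HTTP/1.1" 200 733 "-" "UA-6"
198.51.100.20 - - [29/Dec/2010:10:01:09 +0000] "GET /page.php?file=../img/logo.png HTTP/1.1" 200 88 "-" "UA-6"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def inspect_value(value):
    """Return (number of ../ steps, null byte present) for a decoded value."""
    return len(TRAVERSAL_RE.findall(value)), "\x00" in value


def find_lfi_probing(log_text, min_depths=3):
    """Flag (client, path, parameter) tuples probed at several traversal depths.

    One stray ../ is common in sloppy but harmless links; the same client
    walking a parameter through many distinct depths is scanner behaviour.
    The user agent is deliberately ignored because it changes per request.
    """
    seen = defaultdict(lambda: {"depths": set(), "nullbyte": False})
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so %2e%2e%2f and %00 are seen as ../ and NUL.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            depth, nullbyte = inspect_value(value)
            if depth or nullbyte:
                entry = seen[(client, url.path, name)]
                if depth:
                    entry["depths"].add(depth)
                entry["nullbyte"] |= nullbyte
    return {key: {"depths": sorted(e["depths"]), "nullbyte": e["nullbyte"]}
            for key, e in seen.items() if len(e["depths"]) >= min_depths}
```

The threshold trades noise for sensitivity: lowering `min_depths` catches shorter probes but also flags pages that legitimately pass relative paths in a parameter.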

Known issues
– This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones.
– Like most other LFI scanners, this tool also has trouble handling certain server responses.

Some notes
– Tested with Python 2.6.5.
– Modify, distribute, share and copy the code in any way you like!
– Please note that this tool was created for educational purposes only.
– Do not use this tool in an illegal way. Know and respect your local laws.
– Only use this tool for legal purposes, such as pentesting your own website.
– I am not responsible if you cause any damage or break the law.
– Power to teh c0ws!

Screenshot

Simple Local File Inclusion Vulnerability Scanner screenshot