Skip to content

Using This Powerfull Tool, You Can Automate Finding And Exploiting LFI Vulnerability

Notifications You must be signed in to change notification settings

rezasarvani/BitSecurity-LFIFinder

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 

Repository files navigation

BitSecurity-LFIFinder


Using This Powerfull Tool, You Can Automate Finding And Exploiting LFI Vulnerability
| BitSecurity LFI Vulnerabillity Test
| Writen By: Reza Sarvani
| JoinUS ==> BitSecurityTeam

Installation

First You Need To Clone The Repository:
>> git clone https://github.com/rezasarvani/BitSecurity-LFIFinder
Then Install Prerequisites:
python3 -m pip install requests
python3 -m pip install regex
python3 -m pip install requests[socks]
Get Ready To Use The Tool !

Usage


Use "python3 BitLFI.py -h" For Information About Configurations That You Can Make
Options:
* -h, --help: show this help message and exit
* -p PTYPE, --payloadtype=PTYPE:
Windows Payload (1) | Linux Payloads (2) | Both (3)
* -u TURL, --targeturl=TURL:
Target URL To Test For LFI Vulnerabillity
* -d DTIME, --delaytime=DTIME:
How Much Delay Between Request (In Seconds)
* -w WTIME, --wait=WTIME:
After How Much Successfull Exploit You Want To Be Asked Again For Continue
* -t TUSE, --tor=TUSE:
Use Tor For Requests: (Y/N)
* -a ATYPE, --attacktype=ATYPE:
Which Type Of Payload You Want To Test Againt Your Target:
1) Absolute Path Bypass
2) Non-Recursively Stripped
3) URL Encode
4) Double URL Encode
5) Null Byte Injection
6) Null Byte Injection + Extension Validation
7) Start Path Validation
8) Using 4096 Byte Bypass Payload
9) All Bypass Methods

Required Options Are: -u And -p

Default Values


Delay Time: 3 (Seconds)
WaitTime: After Discovering 10 Successful Payload
Attack Type: 9 (All Bypass Methods)
Tor Usage: n (No)

[*] You Can Customize Paths Using linux_paths.txt And windows_paths.txt

About

Using This Powerfull Tool, You Can Automate Finding And Exploiting LFI Vulnerability

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages