This script can:

- Find LFI vulnerabilities in each parameter automatically
- Find the root of the file system automatically
- Find default files on the server, on Linux and Windows
- Find passwords in config files
- Support basic authentication
- Send null bytes to bypass some controls
- Write a report of the scan
- Support a proxy
- Detect the OS and send only the tests that apply to the detected OS
- Support hex encoding
- Output in HTML format

Examples:

Without proxy:

    $ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -o report.html

With proxy:

    $ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -w http://proxy:80 -o report.html

Encoding in hex:

    $ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -x

Sending a null byte:

    $ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -n

A good article about this tool is available at http://www.aldeid.com/index.php/Lfimap

Mail me at aepereyra (at) gmail dot com
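For defenders, the per-parameter, null-byte and hex-encoded probing listed above can be spotted in web server access logs. The following is an added example, not part of lfimap or of the original page; the indicator patterns, the reading of "hex encoding" as percent-encoding, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Generic LFI indicators (assumed; not taken from lfimap's source).
TRAVERSAL = re.compile(r"\.\.[/\\]")
SENSITIVE = re.compile(r"(etc/passwd|boot\.ini|win\.ini)", re.I)
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so hex-encoded probes are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def lfi_findings(request_target):
    """Return sorted (parameter, reason) pairs for one request target."""
    findings = set()
    query = urlsplit(request_target).query
    # parse_qsl percent-decodes once; fully_decode strips any extra layers.
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(raw)
        if "\x00" in value:
            findings.add((name, "null-byte"))
        if TRAVERSAL.search(value):
            findings.add((name, "traversal"))
        if SENSITIVE.search(value):
            findings.add((name, "sensitive-file"))
    return sorted(findings)

def scan_access_log(lines):
    """Map 1-based line number -> findings for lines that look like LFI probes."""
    hits = {}
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        found = lfi_findings(match.group(1)) if match else []
        if found:
            hits[number] = found
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /lfi.php?page=home.txt&module=home HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /lfi.php?page=..%2f..%2fetc%2fpasswd%00&module=home HTTP/1.1" 200 1301',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /lfi.php?page=home.txt&module=%252e%252e%255cboot.ini HTTP/1.1" 200 98',
]

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))
```

Because findings are reported per parameter, a burst of hits that walks through every parameter of the same URL from one client is a strong sign of an automated scan rather than a single malformed request.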