LFI Suite 1.13 released: Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features.

Features

• Works with Windows, Linux and OS X
• Automatic Configuration
• Automatic Update
• Provides 8 different Local File Inclusion attack modalities:
  • /proc/self/environ
  • php://filter
  • php://input
  • /proc/self/fd
  • access log
  • phpinfo
  • data://
  • expect://
• Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you have to do anything (except for providing, at the beginning, a list of paths to scan, which if you don’t have you can find in this project directory in two versions, small and huge).
• Tor proxy support
• Reverse Shell for Windows, Linux and OS X

Changelog v1.13 (1 Apr 2018)

Fixed

• requests now are allowed to any websites, even those with self-signed certificates

Added

• set the default file containing paths to test to “pathtotest.txt” (used if the user leaves the input blank)

Installation

git clone https://github.com/D35m0nd142/LFISuite.git

How to use it?

Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

Reverse Shell

When you got an LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command “reverseshell” (obviously you must put your system listening for the reverse connection, for instance using “nc -lvp port”).

Demo

Copyright (C) 2017 D35m0nd142

Source: https://github.com/D35m0nd142/