0xKirito / sylfi

Simple LFI Vulnerability Tester with Authentication Support

SyLFI - Simple LFI Tester with Login Support

A simple local file inclusion (LFI) vulnerability tester with user login support.

Made with Python 3

Usage

  • pip install -r requirements.txt

CLI Flags Information

  • -h, --help: show this help message and exit
  • -u, --url: specify target URL in quotes
  • -p, --parameter: specify known LFI parameter in quotes (?[file/page/path/site]=)
  • -d, --dir-depth: specify maximum directory traversal depth (default = 5)
  • -l, --login-url: specify login URL in quotes

With Known LFI Parameter (faster)

sylfi.py -u 'http://<domain_name>:<port>/file_name.php' -p '?file='

OR

python3 sylfi.py -u 'http://<domain_name>:<port>/file_name.php' -p '?file='

Without Specified LFI Parameter (slower/brute force)

This mode might get you blocked for brute forcing.

sylfi.py -u 'http://<domain_name>:<port>/file_name.php'

This tries every parameter listed in the parameters variable in the sylfi.py file.
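Seen from the server side, the two modes above look different in an access log: the known-parameter mode touches one parameter, while the brute-force mode cycles one client through many. The following is an added example, not code from sylfi; the log lines, the `../` payload shape, the target file and the threshold of 3 parameters are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (documentation IPs, not real traffic).
# The '../' payload shape and target file are assumptions, not taken from sylfi.py.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /view.php?file=../../etc/passwd HTTP/1.1" 200 90
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /view.php?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 90
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /view.php?path=../../../../etc/passwd HTTP/1.1" 200 90
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /view.php?site=../../../../../etc/passwd HTTP/1.1" 200 90
192.0.2.15 - - [01/Jan/2024:10:05:00 +0000] "GET /view.php?file=../../../../../etc/passwd HTTP/1.1" 200 812
198.51.100.4 - - [01/Jan/2024:10:06:00 +0000] "GET /view.php?file=about.html HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so nested encoding cannot hide '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_hits(log_text):
    """Return {client_ip: {param_name: max_traversal_depth}} for query values."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            depth = len(TRAVERSAL_RE.findall(fully_decode(value)))
            if depth:
                hits[ip][name] = max(depth, hits[ip].get(name, 0))
    return dict(hits)

def classify(hits, param_threshold=3):
    """Many distinct parameters probed by one client suggests brute-force mode."""
    return {ip: "parameter-brute-force" if len(params) >= param_threshold else "targeted-probe"
            for ip, params in hits.items()}
```

The per-parameter depth it records also shows how far a client walked up the directory tree, which helps when deciding whether a rate limit or a block is warranted.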

Login Support if Webpage Needs the User to Log In

You will need to edit the script file sylfi.py: inside the login function, change the username and password credential parameters and their values in the login_payload variable to match your webpage's login POST request.

sylfi.py -u 'http://<domain_name>:<port>/file_name.php' -l 'http://<domain_name>:<port>/login_url' -p '?file='

Libraries/Packages Used

Languages

Language:Python 100.0%