There are some existing tools that deal with LFI vulnerabilities, such as fimap, the Remote & Local File Inclusion (RFI/LFI) scanner, and inspathx, a tool for finding path disclosure vulnerabilities (which can lead to the discovery of LFI).
A new, simple tool that focuses purely on LFI attacks was released recently. Its features:
- Automatically finds the root of the file system
- Detects default files outside of the web folder
- Attempts to detect passwords inside the files
- Supports basic authentication
- Can use a null byte to bypass some controls
- Writes a report of the scan to a file
You can download LFIMAP 1.4.3 here:
Or read more here.
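The directory traversal and null-byte behaviour in the feature list leaves recognisable traces in web server access logs. The following log check is an added example, not part of LFIMAP or the original post; the log lines are constructed, the log format is assumed to be the common combined format, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the post or from the tool).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1804',
    '192.0.2.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=..%2f..%2f..%2fetc%2fpasswd%00.php HTTP/1.1" 200 1804',
    '192.0.2.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=%252e%252e%252fconfig HTTP/1.1" 404 0',
    '192.0.2.7 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/v1..2/notes.html HTTP/1.1" 200 900',
]

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
# ".." only counts as a path segment: preceded by the start, a separator or "=",
# and followed by a separator or the end of the string.
DOTDOT_RE = re.compile(r'(?<![^/\\=&?])\.\.(?=[/\\]|$)')

def decode_layers(value, max_rounds=4):
    """Percent-decode repeatedly; return (decoded text, number of layers removed)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def inspect(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, raw_target, status = m.groups()
    target, layers = decode_layers(raw_target)
    reasons = []
    depth = len(DOTDOT_RE.findall(target))
    if depth:
        reasons.append(f"traversal depth {depth}")
    if "\x00" in target:
        reasons.append("null byte")
    if layers > 1:
        reasons.append("nested encoding")
    if not reasons:
        return None
    return {"client": client, "status": int(status), "reasons": reasons}

def scan(lines):
    return [finding for finding in map(inspect, lines) if finding]
```

Calling `scan(SAMPLE_LOG)` returns one finding per suspicious line; a 200 status on a flagged request is the case to review first, since it suggests the include may have returned content.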