03 December 2010 | 9,517 views

LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)

Check For Vulnerabilities with Acunetix

There are some existing tools that deal with LFI vulnerabilities such as fimap the Remote & Local File Inclusion (RFI/LFI) Scanner and inspathx a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI).

A new simple tool was released recently which focuses purely on LFI attacks.


  • Automatically find the root of the file system
  • Detect default files outside of the web folder
  • Attempts to detect passwords inside the files
  • Supports basic authentication
  • Can use null byte to bypass some controls
  • Writes a report of the scan to a file

You can download LFIMAP 1.4.3 here:


Or read more here.


Recent in Exploits/Vulnerabilities:
- XcodeGhost iOS Trojan Infected Over 4000 Apps
- WhatsApp Web vCard Vulnerability Exposed 200M Users
- Mimikatz – Gather Windows Credentials

Related Posts:
- Damn Vulnerable Web App – Learn & Practise Web Hacking
- FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability
- fimap – Remote & Local File Inclusion (RFI/LFI) Scanner

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 231,725 views
- AJAX: Is your application secure enough? - 119,684 views
- eEye Launches 0-Day Exploit Tracker - 85,281 views

Advertise on Darknet

Comments are closed.