LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)

Find your website's Achilles' Heel


There are some existing tools that deal with LFI vulnerabilities such as fimap the Remote & Local File Inclusion (RFI/LFI) Scanner and inspathx a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI).

A new simple tool was released recently which focuses purely on LFI attacks.

Functions

  • Automatically find the root of the file system
  • Detect default files outside of the web folder
  • Attempts to detect passwords inside the files
  • Supports basic authentication
  • Can use null byte to bypass some controls
  • Writes a report of the scan to a file

You can download LFIMAP 1.4.3 here:

lfimap-1.4.3.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking

, , , , , , , , , , , , ,

Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,708 views
- AJAX: Is your application secure enough? - 120,082 views
- eEye Launches 0-Day Exploit Tracker - 85,533 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Comments are closed.