Kadimus – LFI Scanner & Exploitation Tool

Last updated: April 26, 2020 | 5,139 views

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion.

Kadimus - LFI Scanner & Exploitation Tool

Installation

$git clone https://github.com/P0cL4bs/Kadimus.git
$ cd Kadimus

1 2	$git clone https://github.com/P0cL4bs/Kadimus.git $ cd Kadimus

Then you can run the configure file:

./configure

1	./configure

Then:

$ make

$ make

Features

Check all url parameters
/var/log/auth.log RCE
/proc/self/environ RCE
php://input RCE
data://text RCE
Source code disclosure
Multi thread scanner
Command shell interface through HTTP Request
Proxy support (socks4://, socks4a://, socks5:// ,socks5h:// and http://)
Proxy socks5 support for bind connections

Usage

-h, --help                    Display this help menu

  Request:
    -B, --cookie STRING         Set custom HTTP Cookie header
    -A, --user-agent STRING     User-Agent to send to server
    --connect-timeout SECONDS   Maximum time allowed for connection
    --retry-times NUMBER        number of times to retry if connection fails
    --proxy STRING              Proxy to connect, syntax: protocol://hostname:port

  Scanner:
    -u, --url STRING            Single URI to scan
    -U, --url-list FILE         File contains URIs to scan
    -o, --output FILE           File to save output results
    --threads NUMBER            Number of threads (2..1000)

  Explotation:
    -t, --target STRING         Vulnerable Target to exploit
    --injec-at STRING           Parameter name to inject exploit
                                (only need with RCE data and source disclosure)

  RCE:
    -X, --rce-technique=TECH    LFI to RCE technique to use
    -C, --code STRING           Custom PHP code to execute, with php brackets
    -c, --cmd STRING            Execute system command on vulnerable target system
    -s, --shell                 Simple command shell interface through HTTP Request

    -r, --reverse-shell         Try spawn a reverse shell connection.
    -l, --listen NUMBER         port to listen

    -b, --bind-shell            Try connect to a bind-shell
    -i, --connect-to STRING     Ip/Hostname to connect
    -p, --port NUMBER           Port number to connect
    --b-proxy STRING            IP/Hostname of socks5 proxy
    --b-port NUMBER             Port number of socks5 proxy

    --ssh-port NUMBER           Set the SSH Port to try inject command (Default: 22)
    --ssh-target STRING         Set the SSH Host

    RCE Available techniques

      environ                   Try run PHP Code using /proc/self/environ
      input                     Try run PHP Code using php://input
      auth                      Try run PHP Code using /var/log/auth.log
      data                      Try run PHP Code using data://text

    Source Disclosure:
      -G, --get-source          Try get the source files using filter://
      -f, --filename STRING     Set filename to grab source [REQUIRED]
      -O FILE                   Set output file (Default: stdout)

-h, --help Display this help menu

Request:

-B, --cookie STRING Set custom HTTP Cookie header

-A, --user-agent STRING User-Agent to send to server

--connect-timeout SECONDS Maximum time allowed for connection

--retry-times NUMBER number of times to retry if connection fails

--proxy STRING Proxy to connect, syntax: protocol://hostname:port

Scanner:

-u, --url STRING Single URI to scan

-U, --url-list FILE File contains URIs to scan

-o, --output FILE File to save output results

--threads NUMBER Number of threads (2..1000)

Explotation:

-t, --target STRING Vulnerable Target to exploit

--injec-at STRING Parameter name to inject exploit

(only need with RCE data and source disclosure)

RCE:

-X, --rce-technique=TECH LFI to RCE technique to use

-C, --code STRING Custom PHP code to execute, with php brackets

-c, --cmd STRING Execute system command on vulnerable target system

-s, --shell Simple command shell interface through HTTP Request

-r, --reverse-shell Try spawn a reverse shell connection.

-l, --listen NUMBER port to listen

-b, --bind-shell Try connect to a bind-shell

-i, --connect-to STRING Ip/Hostname to connect

-p, --port NUMBER Port number to connect

--b-proxy STRING IP/Hostname of socks5 proxy

--b-port NUMBER Port number of socks5 proxy

--ssh-port NUMBER Set the SSH Port to try inject command (Default: 22)

--ssh-target STRING Set the SSH Host

RCE Available techniques

environ Try run PHP Code using /proc/self/environ

input Try run PHP Code using php://input

auth Try run PHP Code using /var/log/auth.log

data Try run PHP Code using data://text

Source Disclosure:

-G, --get-source Try get the source files using filter://

-f, --filename STRING Set filename to grab source [REQUIRED]

-O FILE Set output file (Default: stdout)

You can download Kadimus here:

Or read more here.

100 Shares

Posted in: Hacking Tools

lfi, lfi scanner, local file inclusion

Navigation

Kadimus – LFI Scanner & Exploitation Tool

Installation

Features

Usage

Latest Posts:

Comments are closed.