Skip to content
/ LFI-Dumper Public

Dump files over Local File Inclusion vulnerability

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Asiern/LFI-Dumper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits

.github/workflows

.github/workflows

 
 

.gitignore

.gitignore

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

Dump files over Local File Inclusion


 ▄▄▌  ·▄▄▄▪    ·▄▄▄▄  ▄• ▄▌• ▌ ▄ ·.  ▄▄▄·▄▄▄ .▄▄▄
 ██•  ▐▄▄ ██   ██· ██ █▪██▌·██ ▐███▪▐█ ▄█▀▄.▀·▀▄ █·
 ██ ▪ █  ▪▐█·  ▐█▪ ▐█▌█▌▐█▌▐█ ▌▐▌▐█· ██▀·▐▀▀▪▄▐▀▀▄
 ▐█▌ ▄██ .▐█▌  ██. ██ ▐█▄█▌██ ██▌▐█▌▐█▪·•▐█▄▄▌▐█•█▌
 .▀▀▀ ▀▀▀ ▀▀▀  ▀▀▀▀▀•  ▀▀▀ ▀▀  █▪▀▀▀.▀    ▀▀▀ .▀  ▀

     https://github.com/Asiern/LFI-Dumper


Usage: ./lfidumper -e 'http://target.com/page=' -d dictionary.txt

Options:
         -e : Endpoint url. -e 'http://target.com/page='
         -o : Output directory. -o output.
              If not specified the output directory will be './out'.
         -l : Login url. -l 'http://target/login'
         -p : Login POST payload. -p 'username=admin&password=admin&Login=Login'
         -d : Dictionary
         -f : Filter response body. Get response until string first appearance.
         -h : Show this menu

Authentication

If authentication is required, you can define the login url and the POST payload to authenticate.

./lfidumper -e "http://target/?page=" -d dictionary.txt -l "http://target/login" -p "username=admin&password=password123"

About

Dump files over Local File Inclusion vulnerability

Topics

cyber-security lfi-exploitation local-file-inclusion

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

0.1 Latest
Apr 18, 2022

Languages