MCPcopy
hub / github.com/D35m0nd142/LFISuite

github.com/D35m0nd142/LFISuite @v1.13 sqlite

repository ↗ · DeepWiki ↗ · release v1.13 ↗
137 symbols 492 edges 3 files 20 documented · 15%
README

Version 1.13 Python 2.7.x GPLv3 License Twitter

LFI Suite

alt tag

What is LFI Suite?

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features.


Features

  • Works with Windows, Linux and OS X
  • Automatic Configuration
  • Automatic Update
  • Provides 8 different Local File Inclusion attack modalities:
  • /proc/self/environ
  • php://filter
  • php://input
  • /proc/self/fd
  • access log
  • phpinfo
  • data://
  • expect://

  • Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).

  • Tor proxy support
  • Reverse Shell for Windows, Linux and OS X

How to use it?

Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

Reverse Shell

When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port").

Dependencies

  • Python 2.7.x
  • Python extra modules: termcolor, requests
  • socks.py

When you run the script, in case you are missing some modules, it will check if you have pip installed and, in case you don't, it will install it automatically, then using pip it will install also the missing modules and download the necessary file socks.py.

I tried it on different operating systems (Debian,Ubuntu,Fedora,Windows 10,OS X) and it worked great, but if something strange happens to you and the automatic installation of pip and other modules fails, please install missing modules manually and re-run the script.

#f03c15 IMPORTANT: In order to allow the script to install missing modules (and in case pip) automatically, you MUST run the script as root (or, at least, with sufficient permissions) the first time.

Collaboration

LFI Suite already contains a lot of features but, as you probably know, there are plenty of other possible attacks still to implement. If you are a Python programmer/Penetration tester and you want to join this project in order to improve it and extend it, please contact me at <d35m0nd142@gmail.com> or directly here.

Disclaimer

I am not responsible for any kind of illegal acts you cause. This is meant to be used for ethical purposes by penetration testers. If you plan to copy, redistribute please give credits to the original author.

Video: https://www.youtube.com/watch?v=6sY1Skx8MBc

Follow me: https://twitter.com/d35m0nd142

Core symbols most depended-on inside this repo

cleanOutput
called by 67
lfisuite.py
SubstrFind
called by 28
lfisuite.py
isUnknown
called by 22
lfisuite.py
send_access_log_cmd
called by 16
lfisuite.py
phpinfo_request
called by 14
lfisuite.py
close
called by 13
socks.py
exit
called by 13
lfisuite.py
send_phpinput_cmd
called by 13
lfisuite.py

Shape

Function 99
Method 28
Class 10

Languages

Python100%

Modules by API surface

lfisuite.py90 symbols
socks.py44 symbols
pipper.py3 symbols

For agents

$ claude mcp add LFISuite \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact