这个脚本用于将本地文件的最高价值包括Web服务器漏洞
资 源 简 介
This script can:
Find lfi vulnerability in each parameter automatically
Find the root of the file system automatically
Find default files inside the server in linux and windows
Find passwords in config files
Support basic authentication
Send null bytes to bypass some controls
Write a report of the scan
Support proxy
Detect OS and send only test according the OS detected
Hexaencode support
Output in html format
Examples:
Without proxy:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -o report.html
With proxy:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -w http://proxy:80 -o report.html
Encoding in hexa:
$ python lfimap.py -t " 请点击左侧文件开始预览 !预览只提供20%的代码片段,完整代码需下载后查看 加载中 侵权举报
文 件 列 表
lfimap-1.4.8
linux_test.dat
win_test.dat
lfimap.py