lfimap v1.4.8


lfimap - This script is used to take the highest beneficts of the local file include vulnerability in a webserver

This script can -
  • Find lfi vulnerability in each parameter automatically
  • Find the root of the file system automatically 
  • Find default files inside the server in linux and windows
  • Find passwords in config files
  • Support basic authentication
  • Send null bytes to bypass some controls
  • Write a report of the scan
  • Support proxy
  • Detect OS and send only test according the OS detected 
  • Hexaencode support
  • Output in html format
Download -
This package include script and database of default files
In this version you can set the expected reply when you try to get some inexistent file. 
This feature is useful when the server have custom error reply.

Download other versions -

Examples:
Without proxy:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -o report.html

With proxy:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -w http://proxy:80 -o report.html

Encoding in hexa:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -x 

Sending null byte:
$ python lfimap.py -t "http://localhost/lfi.php?page=home.txt&module=home" -n 

In this site exist a good article about this tool.
http://www.aldeid.com/index.php/Lfimap 
Mail to aepereyra (at) gmail dot com

Visit Website -