A simple local file inclusion (LFI) vulnerability tester with user login support.
Made with Python 3
pip install -r requirements.txt
| CLI Flags | Information |
|---|---|
| -h, --help | show this help message and exit |
| -u, --url | specify target URL in quotes |
| -p, --parameter | specify known LFI parameter in quotes (?[file/page/path/site]=) |
| -d, --dir-depth | specify maximum directory traversal depth (default = 5) |
| -l, --login-url | specify login URL in quotes |
sylfi.py -u 'http://<domain_name>:<port>/file_name.php' -p '?file='
OR
python3 sylfi.py -u 'http://<domain_name>:<port>/file_name.php' -p '?file='
Might get you blocked for brute forcing.
sylfi.py -u 'http://<domain_name>:<port>/file_name.php'
This will try all the parameters specified in the sylfi.py file in parameters variable.
You will need to edit the script file sylfi.py. Edit the credentials parameters username and password and their values as per your webpage login POST request inside the variable login_payload in the login function.
sylfi.py -u 'http://<domain_name>:<port>/file_name.php' -l 'http://<domain_name>:<port>/login_url' -p '?file='