Skip to content
Local file inclusion exploitation tool
Branch: master
Clone or download
mzfr Merge pull request #4 from ayushpriya10/master
Adding Dockerfile for easier deployment.
Latest commit 5692988 Jun 13, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
Images Add logo Jun 8, 2019
core Fix wrong file name Jun 11, 2019
Dockerfile Adding Dockerfile for easier deployment. Jun 12, 2019
LICENSE Update License Jun 8, 2019 Update Readme Jun 8, 2019 Fix wrong file name Jun 11, 2019
requirements.txt Fix requirements Jun 12, 2019

GitSpo Mentions License: GPL v3 Maintenance


LFI Exploitation tool

liffy in action

liffy WikiUsageInstallation

A little python tool to perform Local file inclusion.

Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time.

Main feature

  • data:// for code execution
  • expect:// for code execution
  • input:// for code execution
  • filter:// for arbitrary file reads
  • /proc/self/environ for code execution in CGI mode
  • Apache access.log poisoning
  • Linux auth.log SSH poisoning
  • Direct payload delivery with no stager
  • Support for absolute and relative path traversal
  • Support for cookies for authentication



  • Suggest a feature

    • Like any other technique to exploit LFI
  • Report a bug

  • Fix something and open a pull request

In any case feel free to open an issue


All the exploitation techniques are taken from liffy

Logo for this project is taken from renderforest

Say Thanks saythanks

If you'd like to 🎉 say thanks 😄

You can’t perform that action at this time.