d35m0nd142 / lfisuite Goto Github PK

Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

License: GNU General Public License v3.0

Python 100.00%

lfisuite's Introduction

LFI Suite

What is LFI Suite?

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features.

Features

Works with Windows, Linux and OS X
Automatic Configuration
Automatic Update
Provides 8 different Local File Inclusion attack modalities:
- /proc/self/environ
- php://filter
- php://input
- /proc/self/fd
- access log
- phpinfo
- data://
- expect://
Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).
Tor proxy support
Reverse Shell for Windows, Linux and OS X

How to use it?

Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

Reverse Shell

When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port").

Dependencies

Python 2.7.x
Python extra modules: termcolor, requests
socks.py

When you run the script, in case you are missing some modules, it will check if you have pip installed and, in case you don't, it will install it automatically, then using pip it will install also the missing modules and download the necessary file socks.py.
I tried it on different operating systems (Debian,Ubuntu,Fedora,Windows 10,OS X) and it worked great, but if something strange happens to you and the automatic installation of pip and other modules fails, please install missing modules manually and re-run the script.
IMPORTANT: In order to allow the script to install missing modules (and in case pip) automatically, you MUST run the script as root (or, at least, with sufficient permissions) the first time.

Collaboration

LFI Suite already contains a lot of features but, as you probably know, there are plenty of other possible attacks still to implement. If you are a Python programmer/Penetration tester and you want to join this project in order to improve it and extend it, please contact me at <[email protected]> or directly here.

Disclaimer

I am not responsible for any kind of illegal acts you cause. This is meant to be used for ethical purposes by penetration testers. If you plan to copy, redistribute please give credits to the original author.

Video: https://www.youtube.com/watch?v=6sY1Skx8MBc
Follow me: https://twitter.com/d35m0nd142

lfisuite's People

Contributors

Stargazers

Watchers

Forkers

cys3c clicknull ossecfile dviros vysecurity v1cker arryboom f3eev webvul kbahaxor infosecsecurity team-firebugs y0d4a ssh-shashi tardummy01 sengkyaut m00zh33 shekkbuilder little-endian-0x01 kuteminh11 kaicastledine 1-5pool hackmycontrolsystem webkodex signedbytes m41doror thomasking2014 avgirl nitesculucian cephurs michalkoczwara z3v2cicidi h1d3r paralax awesome-security xiaojianbiz ssdtfarm conanjun thenukebr songofhack jothatron gregtampa tuian rollys ht13 0patch 5up3rc ph4k3r andyvaikunth tijikun7764119x snollyg0st3r dmdv h3ll0w0lrd i-was-a-fish msf4dmin n4yk olivierh59500 realmortimor dipsec hotelzululima eltorobiz hack-the-box h0r57 bhasbor bigttys0 grepsecurity kcsec mehrdad-shokri 00kush00 cainiaoxiaobai2016 lucianolo chikkuaa fogsec elorion russellmurad dayisuki terncgod ykankaya net2net expertasif h0k5 raimundojimenez dust-life lexluga hex0x42424242 sagarpopat-zz txblackwolf seabreg anh2hn projectboot sair770 vaginessa ro9ueadmin matisact germannoob jbarcia g0tmi1k ch4p34un0ir jiushill deelmind

lfisuite's Issues

termcolor issue in pip

┌──(kali㉿kali)-[~/LFISuite]
└─$ python lfisuite.py
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Defaulting to user installation because normal site-packages is not writeable
Requirement already up-to-date: pip in /home/kali/.local/lib/python2.7/site-packages (20.2.4)

[*] Installing module 'termcolor'
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Defaulting to user installation because normal site-packages is not writeable
Collecting termcolor
Using cached termcolor-1.1.0.tar.gz (3.9 kB)
ERROR: Command errored out with exit status 1:
command: /usr/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-3gNR89/termcolor/setup.py'"'"'; file='"'"'/tmp/pip-install-3gNR89/termcolor/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-sSDHVv
cwd: /tmp/pip-install-3gNR89/termcolor/
Complete output (6 lines):
usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: setup.py --help [cmd1 cmd2 ...]
or: setup.py --help-commands
or: setup.py cmd --help

error: invalid command 'egg_info'
----------------------------------------

ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
Traceback (most recent call last):
File "lfisuite.py", line 68, in
from termcolor import colored
ImportError: No module named termcolor

┌──(kali㉿kali)-[~/LFISuite]
└─$

Requests Module Issue

Hi there, i tried to execute your tool but i got this error:

File "lfisuite.py", line 45, in
import requests
ImportError: No module named requests

PS: i got Requests installed, python3 and 2.7 too.

Python 3 Version first draft

https://pastebin.com/P7FqxmdY
Should be mostly working, give it a check over mate.

Pycharm detected the following issues still:

Local variables referenced before assignment == tmp_name, whoami, shell_host, pwd, x
Unresolved references == Module 'pip_install_module' not found, others not found, pipper, url, inputmain, inputmain, file.

The following Parameters or Variables are not used:
headers, test, rcvbuf, found, found, ftemp, index, index, filterpage, lines, keyword, path, cmd, pwd, boidy, point, whoami, pwd, cmd, r, whoami, pwd, shell_host

I have problem while install module

[*] Installing module 'termcolor'
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Collecting termcolor
Downloading https://files.pythonhosted.org/packages/8a/48/a76be51647d0eb9f10e2a4511bf3ffb8cc1e6b14e9e4fab46173aa79f981/termcolor-1.1.0.tar.gz
Building wheels for collected packages: termcolor
Building wheel for termcolor (setup.py) ... done
Created wheel for termcolor: filename=termcolor-1.1.0-cp27-none-any.whl size=4832 sha256=ddc8089e1e4a77628b7af8997aa95cb1ec7581e21b5768cf7f5e2530999a087c
Stored in directory: /home/hack3r/.cache/pip/wheels/7c/06/54/bc84598ba1daf8f970247f550b175aaaee85f68b4b0c5ab2c6
Successfully built termcolor
Installing collected packages: termcolor

ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/termcolor.py'
Consider using the --user option or check the permissions.

Traceback (most recent call last):
File "./lfisuite.py", line 68, in
from termcolor import colored
ImportError: No module named termcolor

reverse shell option

Hello,
I noticed that during exploitation that there is no option to use the reverse shell instead of bind shell initially. This has been causing a problem since in this situation obtaining that first bind shell (Used to switch over to the reverse shell ) cannot happen because of firewall rules. It would be a nice addition to add an option for this if there isnt one already( i couldnt seem to find it).
Thanks for hearing me out!

Windows or Linux you decide

Would be useful if you could specify what OS your attacking

Requirement already satisfied error

WARNING: Value for scheme.platlib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.purelib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.headers does not match. Please report this to pypa/pip#9617
distutils: /usr/local/include/python3.9/UNKNOWN
sysconfig: /usr/include/python3.9
WARNING: Value for scheme.scripts does not match. Please report this to pypa/pip#9617
distutils: /usr/local/bin
sysconfig: /usr/bin
WARNING: Value for scheme.data does not match. Please report this to pypa/pip#9617
distutils: /usr/local
sysconfig: /usr
WARNING: Additional context:
user = False
home = None
root = None
prefix = None
Requirement already satisfied: pip in /usr/local/lib/python3.9/dist-packages (21.1)
WARNING: Value for scheme.platlib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.purelib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.headers does not match. Please report this to pypa/pip#9617
distutils: /usr/local/include/python3.9/UNKNOWN
sysconfig: /usr/include/python3.9
WARNING: Value for scheme.scripts does not match. Please report this to pypa/pip#9617
distutils: /usr/local/bin
sysconfig: /usr/bin
WARNING: Value for scheme.data does not match. Please report this to pypa/pip#9617
distutils: /usr/local
sysconfig: /usr
WARNING: Additional context:
user = False
home = None
root = None
prefix = None
WARNING: Running pip as root will break packages and permissions. You should install packages reliably by using venv: https://pip.pypa.io/warnings/venv

[*] Installing module 'termcolor'
WARNING: Value for scheme.platlib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.purelib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.headers does not match. Please report this to pypa/pip#9617
distutils: /usr/local/include/python3.9/UNKNOWN
sysconfig: /usr/include/python3.9
WARNING: Value for scheme.scripts does not match. Please report this to pypa/pip#9617
distutils: /usr/local/bin
sysconfig: /usr/bin
WARNING: Value for scheme.data does not match. Please report this to pypa/pip#9617
distutils: /usr/local
sysconfig: /usr
WARNING: Additional context:
user = False
home = None
root = None
prefix = None
Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (1.1.0)
WARNING: Value for scheme.platlib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.purelib does not match. Please report this to pypa/pip#9617
distutils: /usr/local/lib/python3.9/dist-packages
sysconfig: /usr/lib/python3.9/site-packages
WARNING: Value for scheme.headers does not match. Please report this to pypa/pip#9617
distutils: /usr/local/include/python3.9/UNKNOWN
sysconfig: /usr/include/python3.9
WARNING: Value for scheme.scripts does not match. Please report this to pypa/pip#9617
distutils: /usr/local/bin
sysconfig: /usr/bin
WARNING: Value for scheme.data does not match. Please report this to pypa/pip#9617
distutils: /usr/local
sysconfig: /usr
WARNING: Additional context:
user = False
home = None
root = None
prefix = None
WARNING: Running pip as root will break packages and permissions. You should install packages reliably by using venv: https://pip.pypa.io/warnings/venv
Traceback (most recent call last):
File "lfisuite.py", line 68, in
from termcolor import colored
ImportError: No module named termcolor

你好，我想咨询一下这个错误

iTraceback (most recent call last):
File "lfisuite.py", line 1881, in
run_autoHack()
File "lfisuite.py", line 1765, in run_autoHack
run_data()
File "lfisuite.py", line 1374, in run_data
content = send_data_cmd_default(cmd,odataurl,i)
File "lfisuite.py", line 1325, in send_data_cmd_default
return send_data_cmd_simple_nosl(cmd,url)
File "lfisuite.py", line 1307, in send_data_cmd_simple_nosl
return send_data_cmd_generic("%sdata:,%s" %(url,cmd))
File "lfisuite.py", line 1302, in send_data_cmd_generic
content = (requests.get(url,headers=gen_headers,timeout=15, verify=False)).text
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='192.168.189.192', port=80): Read timed out. (read timeout=15)

Do no handle invalid Certificated on https connections

Might be interesting to add (maybe optionnaly ?) a verify=False so that we can scan webserver which has self signed certificates ?

Error while exploiting...

Traceback (most recent call last):
File "lfisuite.py", line 1881, in
run_autoHack()
File "lfisuite.py", line 1765, in run_autoHack
run_data()
File "lfisuite.py", line 1374, in run_data
content = send_data_cmd_default(cmd,odataurl,i)
File "lfisuite.py", line 1325, in send_data_cmd_default
return send_data_cmd_simple_nosl(cmd,url)
File "lfisuite.py", line 1307, in send_data_cmd_simple_nosl
return send_data_cmd_generic("%sdata:,%s" %(url,cmd))
File "lfisuite.py", line 1302, in send_data_cmd_generic
content = (requests.get(url,headers=gen_headers,timeout=15, verify=False)).text
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='xxxxxxxxxxxx', port=80): Read timed out. (read timeout=15)

I got this error while exploiting ..
Unable to resolve this issue.. Help me:)

LFI with no URL Parameter

I found an LFI that didn't require a parameter in the URL to be exploited. basically, it looked like this:
http://www.example.com//etc/passwd

Is it possible to add a feature where this tool takes parameter-less urls as well?

Not working with Python3

Hi there, This code nomore works in python2 Version, and with Python3 too. I'll Update the codes,so that it will run with python3

termcolor issue

Traceback (most recent call last):
File "lfisuite.py", line 68, in
from termcolor import colored
File "/usr/lib/python2.7/dist-packages/termcolor.py", line 35
def getattr(name: str) -> list[str]:
^
SyntaxError: invalid syntax

Null Byte at the end of php://input

url = "%sphp://input%%00" %(inputurl)

Bad smell . Mixing tabs and spaces

Also some error occured .

.:: phpinfo Injection ::.

[*] Enter the website without path (ex: 'http://justsitename') -> http://172.16.0.16:8888
[*] Enter the vulnerable LFI path (ex: '/lfi.php?file=../..') -> /vulnerabilities/fi/?page=
[*] Enter the phpinfo path (ex: '/path/info.php') -> /phpinfo.php

[*] Generating the request.. wait please..
Traceback (most recent call last):
  File "lfisuite.py", line 1863, in <module>
    run_phpinfo()
  File "lfisuite.py", line 767, in run_phpinfo
    cmd = raw_input("%s@%s:%s$ PHP:// " %(whoami,shell_host,pwd))
UnboundLocalError: local variable 'whoami' referenced before assignment

crawler

hello, it looks like it does not crawl website?

invalid url

hi i paste this link: https://www.19mayiskoleji.com.tr/ and this error has occured [ERROR] Invalid URL syntax!

Need Feature to output to file

Hello D35 ,

Need a Feature to Output the result to the file

Error while executing file

python3 LFISuite/lfisuite.py 1 ⨯
File "/home/kali/LFISuite/lfisuite.py", line 27
print "[!] pipper not found in the current directory.. Downloading pipper.."
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("[!] pipper not found in the current directory.. Downloading pipper..")?

Can the tool work via POST requests?

Hello! Is your tool able to scan via POST requests? I cannot find a workable tool that can perform LFI scanning via POST.

It will be cool if you implement the feature in your tool or explain how to use it if it is implemented already.

Thank you very much in advance.

SSL issue

I encountered the following error when attempting to run the script against a website with a self-signed or expired certificate (redacted the host ip) :

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 112, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 511, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='X.X.X.X', port=443): Max retries exceeded with url: /section.php?page=php://input (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

output to a txt file

hi, has the output to a file feature been implemented? If so , how can you do this?
thanks

FreeBSD apache log location

I found the pathtotest files (both of them) were missing the FreeBSD Apache default log location;

/var/log/httpd-access.log

I recommend adding this, as it can be a crucial when attempting/discovering potential log poisoning.

FEATURE REQUST

Can we make this tool take multiple urls at a time and aso suport post method switching
and scan paths wothout parameters
like for example
example.com/archive/../../../../../etc/passwd
like some lfi vulns can be found in paths frags without params

How to fix termcolor

As LFISuite needs to be run in python2 just edit the file and remove the following:

try:
from termcolor import colored
except:
solve_dependencies("termcolor")
from termcolor import colored

And every word in every line which says 'colored'

problem when run tool

File "lfisuite.py", line 27
print "[!] pipper not found in the current directory.. Downloading pipper.."
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("[!] pipper not found in the current directory.. Downloading pipper..")?

Termcolor issue

*] Installing module 'termcolor'
Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (1.1.0)
WARNING: Running pip as root will break packages and permissions. You should install packages reliably by using venv: https://pip.pypa.io/warnings/venv
Traceback (most recent call last):
File "lfisuite.py", line 68, in
from termcolor import colored
ImportError: No module named termcolor

what can i solve this problems

python lfisuite.py
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pip in /home/robiul/.local/lib/python3.9/site-packages (21.2.4)

[*] Installing module 'termcolor'
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (1.1.0)
Traceback (most recent call last):
File "lfisuite.py", line 68, in
from termcolor import colored
ImportError: No module named termcolor

possible false positive detection !

I tried LFISuite on multiple websites and most of the time only alert for this one: /usr/local/cpanel/logs/access_log' [Vulnerable]

on linux and windows based servers as well.

Please fixxx

./lfisuite.py: 10: import: not found
./lfisuite.py: 11: import: not found
./lfisuite.py: 12: import: not found
./lfisuite.py: 13: import: not found
./lfisuite.py: 14: import: not found
./lfisuite.py: 16: Syntax error: "(" unexpected

please fix

/LFISuite/lfisuite.py", line 27
print "[!] pipper not found in the current directory.. Downloading pipper.."
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("[!] pipper not found in the current directory.. Downloading pipper..")?