Skip to content

0x-Apollyon/YA-LFI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.gitignore
.gitignore
 
 
LFIscanner.py
LFIscanner.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
all_os.txt
all_os.txt
 
 
auth.json
auth.json
 
 
linux.txt
linux.txt
 
 
requirements.txt
requirements.txt
 
 
windows.txt
windows.txt
 
 

Repository files navigation

▄██   ▄      ▄████████           ▄█          ▄████████  ▄█  
███   ██▄   ███    ███          ███         ███    ███ ███  
███▄▄▄███   ███    ███          ███         ███    █▀  ███▌ 
▀▀▀▀▀▀███   ███    ███  ██████  ███        ▄███▄▄▄     ███▌ 
▄██   ███ ▀███████████  ██████  ███       ▀▀███▀▀▀     ███▌ 
███   ███   ███    ███          ███         ███        ███  
███   ███   ███    ███          ███▌    ▄   ███        ███  
 ▀█████▀    ███    █▀           █████▄▄██   ███        █▀

Yet another - local file inclusion scanner

By: Apollyon

Commands

COMMAND DESCRIPTION
-h / --help Request help
-u / --url Target Website
-ulist / --url_list Target multiple websites from file
-ta / --test_all Test all parameters of the given URL
-to / --timeout Set the timeout for requests
-wiz / --wizard Wizard for new users
-p / --payload Payload file
-e / --extract Extract content
-t / --threads Multi threaded scanning
-pr / --proxy Using proxies (HTTP, HTTPS, SOCKS)
-auth / --authentication Authentication using headers and/or cookies
-save / --save_to_file Saves valid payloads to file on disk

Installation

Normal

git clone https://github.com/0x-Apollyon/YA-LFI.git
cd YA-LFI
pip install -r requirements.txt

Using virtual environment (Arch based linux distros)

git clone https://github.com/0x-Apollyon/YA-LFI.git
cd YA-LFI
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Usage

You can run it using commands given below or use the wizard

View help

python LFIscanner.py -h

Default usage

python LFIscanner.py -u https://example.com?param= -p all_os.txt

Using with wizard

python LFIscanner.py -wiz

Linux wordlist

python LFIscanner.py -u https://example.com?param= -p linux.txt

Windows wordlist

python LFIscanner.py -u https://example.com?param= -p windows.txt

image
image

Using with TOR

If you want to use YA-LFI with TOR you can do the following

  • Run the tor service
  • Add socks5://127.0.0.1:9050 to the proxy list
  • Run YA-LFI with the proxies flag

Tor uses the port 9050 for socks proxies by default, so if you have changed that change the port aswell

Other amazing third party wordlists

Linux wordlist
Windows wordlist

Most common parameters

?cat={payload}
?dir={payload}
?action={payload}
?board={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?prefix={payload}
?include={payload}
?page={payload}
?inc={payload}
?locate={payload}
?show={payload}
?doc={payload}
?site={payload}
?type={payload}
?view={payload}
?content={payload}
?document={payload}
?layout={payload}
?mod={payload}
?conf={payload}

Source

Credits

Based on work by: LFIScanner by R3LI4NT
Special thanks to @azuk4r for giving ideas and testing it out in its early stages

About

Yet another LFI Scanner

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages