Skip to content

0x-Apollyon/YA-LFI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.gitignore
.gitignore
 
 
LFIscanner.py
LFIscanner.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
all_os.txt
all_os.txt
 
 
auth.json
auth.json
 
 
linux.txt
linux.txt
 
 
requirements.txt
requirements.txt
 
 
windows.txt
windows.txt
 
 

Repository files navigation

▄██   ▄      ▄████████           ▄█          ▄████████  ▄█  
███   ██▄   ███    ███          ███         ███    ███ ███  
███▄▄▄███   ███    ███          ███         ███    █▀  ███▌ 
▀▀▀▀▀▀███   ███    ███  ██████  ███        ▄███▄▄▄     ███▌ 
▄██   ███ ▀███████████  ██████  ███       ▀▀███▀▀▀     ███▌ 
███   ███   ███    ███          ███         ███        ███  
███   ███   ███    ███          ███▌    ▄   ███        ███  
 ▀█████▀    ███    █▀           █████▄▄██   ███        █▀

Yet another - local file inclusion scanner

By: Apollyon

Commands

COMMAND DESCRIPTION
-h / --help Request help
-u / --url Target Website
-ulist / --url_list Target multiple websites from file
-ta / --test_all Test all parameters of the given URL
-to / --timeout Set the timeout for requests
-wiz / --wizard Wizard for new users
-p / --payload Payload file
-e / --extract Extract content
-t / --threads Multi threaded scanning
-pr / --proxy Using proxies (HTTP, HTTPS, SOCKS)
-auth / --authentication Authentication using headers and/or cookies
-save / --save_to_file Saves valid payloads to file on disk

Installation

Normal

git clone https://github.com/0x-Apollyon/YA-LFI.git
cd YA-LFI
pip install -r requirements.txt

Using virtual environment (Arch based linux distros)

git clone https://github.com/0x-Apollyon/YA-LFI.git
cd YA-LFI
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Usage

You can run it using commands given below or use the wizard

View help

python LFIscanner.py -h

Default usage

python LFIscanner.py -u https://example.com?param= -p all_os.txt

Using with wizard

python LFIscanner.py -wiz

Linux wordlist

python LFIscanner.py -u https://example.com?param= -p linux.txt

Windows wordlist

python LFIscanner.py -u https://example.com?param= -p windows.txt

image
image

Using with TOR

If you want to use YA-LFI with TOR you can do the following

  • Run the tor service
  • Add socks5://127.0.0.1:9050 to the proxy list
  • Run YA-LFI with the proxies flag

Tor uses the port 9050 for socks proxies by default, so if you have changed that change the port aswell
You can also try @azuk4r's fork of YA-LFI here which tries to implement tor rotation by defaults

Other amazing third party wordlists

Linux wordlist
Windows wordlist

Most common parameters

?cat={payload}
?dir={payload}
?action={payload}
?board={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?prefix={payload}
?include={payload}
?page={payload}
?inc={payload}
?locate={payload}
?show={payload}
?doc={payload}
?site={payload}
?type={payload}
?view={payload}
?content={payload}
?document={payload}
?layout={payload}
?mod={payload}
?conf={payload}

Source

Credits

Based on work by: LFIScanner by R3LI4NT
Special thanks to @azuk4r for giving ideas and testing it out in its early stages

About

Yet another LFI Scanner

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages