Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/b2dfir/linuxpoisonablelogfinder

Security testing tool to identify whether common log files that may be used for log poisoning can be accessed through a known local file inclusion vulnerability.

Last synced: about 2 months ago


README

        

# LinuxPoisonableLogFinder
Security testing tool to identify whether common log files that may be used for log poisoning can be accessed through a known local file inclusion (LFI) vulnerability.

You must first identify an LFI vulnerability, as well as the complete path that provides access to the root directory.

Usage: `PoisonableLogFinder.py "root LFI URI" "optional terminator"`

E.g. `PoisonableLogFinder.py "hxxp://192.168.1.10/vuln/index.php?path=../../../../../../" "%00"`

## Change Log
##### 26 Sep 2017 - V1.1

Updated to take an optional termination string parameter (such as `%00`), and added two log file locations: `var/log/httpd-access.log` and `var/log/httpd-error.log`.

##### 24 Aug 2017 - V1.0

Initial release