
https://github.com/codexlynx/nayra

LFI Exploitation Tool

hacking lfi-exploitation msfvenom red-team web-security webshell


## Nayra - LFI Exploitation Tool
--------

![python](https://img.shields.io/badge/python-2.7-green.svg?style=flat)

This is a small tool to exploit an LFI (Local File Inclusion) web vulnerability.
The tool provides a functional shell prompt. In the future, I will add some very useful extra options.

### Disclaimer

* __Legal__:
This tool is designed only for __educational__ purposes and __ethical__ hacking. Use it at your own responsibility. Damages or legal problems caused by the tool are the responsibility of the user.

* __License__:
This tool is subject to the following license:

>Creative Commons Attribution-ShareAlike 3.0

![](https://licensebuttons.net/l/by-sa/3.0/88x31.png "Creative Commons")

More Info: [Here](https://creativecommons.org/licenses/by-sa/3.0/ "Legal Description")

### Usage
* __Required Parameters__:

```
-t, --type              Specifies the type of action
-u, --url               URL vulnerable to LFI (Local File Inclusion)
```

* __List of types__:

```
shell                   Exploit the vulnerability to get a shell
upload                  Upload a file to remote server
msfvenom                Upload payload generated by msfvenom
```

* __Optional Parameters__:

```
-m, --method (=GET)     It can be -> [GET|POST]
-n, --name (=php_1)     Used to specify the corresponding attack
                        payload in "data.json"

-f, --file              File to upload (Only "upload" or "msfvenom" types)
-a, --argvs             Secondary parameters (Only "msfvenom" type)

-c, --cookies           Session cookies
-x, --proxy             Using a proxy -> [http://user:passwd@host:port]
-p, --path              When it is necessary to make a directory traversal
-b, --null-byte         Add Poison Null Byte (%00)
```

* __Other Parameters__:

```
-h, --help Display this message
```

### Demo

![nayra](https://cloud.githubusercontent.com/assets/12601189/8551306/a78ded2c-24cd-11e5-8493-a71824533352.gif)

### About
This tool was created by: __@codexlynx__.

* Twitter: [https://twitter.com/codexlynx](https://twitter.com/codexlynx)
* GitHub: [https://github.com/codexlynx](https://github.com/codexlynx)

----------------
About the tool name:

__In Spanish:__ [https://es.wikipedia.org/wiki/Nayra](https://es.wikipedia.org/wiki/Nayra)