Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mzfr/liffy

Local file inclusion exploitation tool
https://github.com/mzfr/liffy

hac hacktoberfest lfi lfi-exploitation local-file-inclusion reverse-shell

Last synced: about 2 months ago
JSON representation

Local file inclusion exploitation tool

Host: GitHub
URL: https://github.com/mzfr/liffy
Owner: mzfr
License: gpl-3.0
Created: 2019-06-08T06:50:38.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-07-24T09:55:12.000Z (about 1 year ago)
Last Synced: 2024-05-19T06:05:22.723Z (4 months ago)
Topics: hac, hacktoberfest, lfi, lfi-exploitation, local-file-inclusion, reverse-shell
Language: Python
Homepage:
Size: 253 KB
Stars: 723
Watchers: 13
Forks: 99
Open Issues: 3
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-bugbounty-tools - liffy - Local file inclusion exploitation tool (Exploitation / File Inclusion)
WebHackersWeapons - Liffy
awesome-hacking-lists - mzfr/liffy - Local file inclusion exploitation tool (Python)

README

        [![GitSpo Mentions](https://gitspo.com/badges/mentions/mzfr/liffy?style=flat-square)](https://gitspo.com/mentions/mzfr/liffy)

[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)

[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/mzfr/liffy/graphs/commit-activity)

[![Rawsec's CyberSecurity Inventory](https://inventory.raw.pm/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.raw.pm/tools.html#Liffy)

[![Packaging status](https://repology.org/badge/vertical-allrepos/liffy.svg)](https://repology.org/project/liffy/versions)



  


  

  




LFI Exploitation tool


![liffy in action](Images/liffy.png)



  liffy Wiki •

  Usage •

  Installation •



A little python tool to perform Local file inclusion.

Liffy v2.0 is the improved version of [liffy](https://github.com/hvqzao/liffy) which was originally created by [rotlogix/liffy](https://github.com/rotlogix/liffy). The latter is no longer available and the former hasn't seen any development for a long time.

## Main feature

  - data:// for code execution

  - expect:// for code execution

  - input:// for code execution

  - filter:// for arbitrary file reads

  - /proc/self/environ for code execution in CGI mode

  - Apache access.log poisoning

  - Linux auth.log SSH poisoning

  - Direct payload delivery with no stager

  - Support for absolute and relative path traversal

  - Support for cookies for authentication

## Documentation

* [Installation](https://github.com/mzfr/liffy/wiki/Installation)

* [Usage](https://github.com/mzfr/liffy/wiki/Usage)

## Contribution

* Suggest a feature

  - Like any other technique to exploit LFI

* Report a bug

* Fix something and open a pull request

In any case feel free to open an issue

## Credits

All the exploitation techniques are taken from [liffy](https://github.com/hvqzao/liffy)

Logo for this project is taken from [renderforest](https://www.renderforest.com/)

## Support

If you'd like you can buy me some coffee: