LFI discovery tools

Tools

Popular LFI discovery tools

LFI Freak (LFI find and exploiter)

penetration testing, security assessment

LFI Freak is a tool to help finding and exploiting local file inclusions (LFI). It has a particular focus on using PHP Input, PHP Filter, and Data URI methods.

LFI Suite (LFI scanner and exploiter)

penetration testing, web application analysis

This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.

fimap (LFI discovery and exploitation)

penetration testing, web application analysis

Fimap has the ability to search and exploit local (LFI) and remote (RFI) file inclusions bugs. It also can leverage Google during its usage.

nycto-dork (dork tool with option to scan for SQLi and LFI)

penetration testing

Nycto-dork is dork scanner that can also test for SQL injections and local file injections (LFI). It can be used during security assessments like a penetration test.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.

Related topics

Looking for more specific topics within this tool group? Have a look at the following relevant topics.