LFI exploitation tools


fimap (LFI discovery and exploitation)

penetration testing, web application analysis

Fimap can find and exploit local (LFI) and remote (RFI) file inclusion bugs. It can also make use of Google while running.

LFI Freak (LFI finder and exploiter)

penetration testing, security assessment

LFI Freak is a tool that helps find and exploit local file inclusions (LFI). It has a particular focus on using PHP Input, PHP Filter, and Data URI methods.

LFI Suite (LFI scanner and exploiter)

penetration testing, web application analysis

This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.

nycto-dork (dork tool with option to scan for SQLi and LFI)

penetration testing

Nycto-dork is a dork scanner that can also test for SQL injections and local file inclusions (LFI). It can be used during security assessments like a penetration test.
