LFI exploitation tools
Tools
Popular LFI exploitation tools
LFI Freak (LFI find and exploiter)
penetration testing, security assessment
LFI Freak is a tool to help finding and exploiting local file inclusions (LFI). It has a particular focus on using PHP Input, PHP Filter, and Data URI methods.
LFI Suite (LFI scanner and exploiter)
penetration testing, web application analysis
This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.
fimap (LFI discovery and exploitation)
penetration testing, web application analysis
Fimap has the ability to search and exploit local (LFI) and remote (RFI) file inclusions bugs. It also can leverage Google during its usage.
nycto-dork (dork tool with option to scan for SQLi and LFI)
penetration testing
Nycto-dork is dork scanner that can also test for SQL injections and local file injections (LFI). It can be used during security assessments like a penetration test.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.