LFI Freak alternatives

Looking for an alternative tool to replace LFI Freak? During the review of LFI Freak we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. LFI Suite (LFI scanner and exploiter)
  2. nycto-dork (dork tool with option to scan for SQLi and LFI)
  3. fimap (LFI discovery and exploitation)

These tools are ranked as the best alternatives to LFI Freak.

Alternatives (by score)

64

LFI Suite

Introduction

This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.

Project details

LFI Suite is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - Full name of author is unknown

Typical usage

  • Penetration testing
  • Web application analysis

LFI Suite review

64

nycto-dork

Introduction

This tool has limited documentation. For that reason, the review is limited at this time.

Project details

nycto-dork is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - Minimal or no documentation available
  • - Full name of author is unknown

Typical usage

  • Penetration testing

nycto-dork review

68

fimap

Introduction

Fimap has the ability to search and exploit local (LFI) and remote (RFI) file inclusions bugs. It also can leverage Google during its usage.

Project details

fimap is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Penetration testing
    • Web application analysis

    fimap review

    64

    Damn Small FI Scanner (DSFS)

    Introduction

    None

    Project details

    Damn Small FI Scanner is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Security assessment
      • Vulnerability scanning

      Damn Small FI Scanner review

      52

      WPSeku

      Introduction

      With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

      Project details

      WPSeku is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available
      • - Unknown project license

      Typical usage

      • Penetration testing
      • Security assessment
      • Vulnerability scanning

      WPSeku review

      64

      Yasuo

      Introduction

      Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications. There are many remotely exploitable vulnerabilities for web applications and their front-end components. Yasuo helps to make it easier to scan for the weaknesses like remote code execution (RCE), SQL injections, and file inclusions.

      Project details

      Yasuo is written in Ruby.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Penetration testing
        • Vulnerability scanning
        • Web application analysis

        Yasuo review

        Some relevant tool missing as an alternative to LFI Freak? Please contact us with your suggestion.