Skip to content
/ liffy Public
forked from mzfr/liffy

Local file inclusion exploitation tool

License

Notifications You must be signed in to change notification settings

bbhunter/liffy

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitSpo Mentions License: GPL v3 Maintenance Rawsec's CyberSecurity Inventory

Packaging status


liffy

LFI Exploitation tool

liffy in action

liffy WikiUsageInstallation

A little python tool to perform Local file inclusion.

Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time.

Main feature

  • data:// for code execution
  • expect:// for code execution
  • input:// for code execution
  • filter:// for arbitrary file reads
  • /proc/self/environ for code execution in CGI mode
  • Apache access.log poisoning
  • Linux auth.log SSH poisoning
  • Direct payload delivery with no stager
  • Support for absolute and relative path traversal
  • Support for cookies for authentication

Documentation

Contribution

  • Suggest a feature

    • Like any other technique to exploit LFI
  • Report a bug

  • Fix something and open a pull request

In any case feel free to open an issue

Credits

All the exploitation techniques are taken from liffy

Logo for this project is taken from renderforest

Support

If you'd like you can buy me some coffee:

Buy Me A Coffee

About

Local file inclusion exploitation tool

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 93.3%
  • PHP 5.4%
  • Dockerfile 1.3%