Awesome

<h1 align="center"> <br> <a href="https://github.com/mzfr/liffy"><img src="Images/Liffy-logo.png" alt="liffy"></a> <br> </h1> <h4 align="center">LFI Exploitation tool</h4>

liffy in action

<p align="center"> <a href="https://github.com/mzfr/liffy/wiki">liffy Wiki</a> • <a href="https://github.com/mzfr/liffy/wiki/Usage">Usage</a> • <a href="https://github.com/mzfr/liffy/wiki/Installation">Installation</a> • </p>

A little python tool to perform Local file inclusion.

Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time.

Main feature

data:// for code execution
expect:// for code execution
input:// for code execution
filter:// for arbitrary file reads
/proc/self/environ for code execution in CGI mode
Apache access.log poisoning
Linux auth.log SSH poisoning
Direct payload delivery with no stager
Support for absolute and relative path traversal
Support for cookies for authentication

Documentation

Contribution

Suggest a feature
- Like any other technique to exploit LFI
Report a bug
Fix something and open a pull request

In any case feel free to open an issue

Credits

All the exploitation techniques are taken from liffy

Logo for this project is taken from renderforest

Support

If you'd like you can buy me some coffee: