Liffy is a local file inclusion exploitation tool. A little python tool to perform Local file inclusion.
Liffy-v2.0 is the improved version of it which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn’t seen any development for a long time.
Installation
Make sure you are using python3 for the Installation process. liffy doesn't support python2
git clone http://github.com/mzfr/liffy
python3 -m venv Ex: python3 -m venv liffy
source liffy/bin/activate
pip3 install -r requirements.txt
NOTE -It uses msfvenom for generating php payload, So you should have metasploit installed
Also Read – Metabigor : Intelligence Tool But Without API Key
Usage
usage: liffy.py [-h] [-d] [-i] [-e] [-f] [-p] [-a]
[-ns] [-r] [–ssh] [-l LOCATION] [–cookies COOKIES]
url
Positional Arguments:
url URL to test for LFI
Optional Arguments:
-h, –help show this help message and exit
-d, –data Use data:// technique
-i, –input Use input:// technique
-e, –expect Use expect:// technique
-f, –filter Use filter:// technique
-p, –proc Use /proc/self/environ technique
-a, –access access logs technique
-ns, –nostager execute payload directly, do not use stager
-r, –relative use path traversal sequences for attack
–ssh SSH auth log poisoning
-l LOCATION, –location LOCATION
path to the target file (access log, auth log, etc.)
–cookies COOKIES session cookies for authentication
Option: -d or --data
Ex: python liffy.py http://example.com/?id= -d
Option: -i or --input
Ex: python liffy.py http://example.com/?id= -i
Option: -e or --expect
Ex: python liffy.py http://example.com/?id= -e
Option: -f or --filter
Ex: python liffy.py http://example.com/?id= -f
Option: -p or --proc
Ex: python liffy.py http://example.com/?id= -p
Option: -a or --access
Ex: python liffy.py http://example.com/?id= -a
Option: -s or --ssh
Ex: python liffy.py http://example.com/?id= -s
Option: -r
This option can be used along with other options so relatively traverse the directories.
EX:
python liffy.py http://example.com/?id= -s -r
python liffy.py http://example.com/?id= -p -r
python liffy.py http://example.com/?id= -a -r
Option: -l or --location
This option has to be used either with all the log techniques like authlog, sshlog
EX:
python liffy.py http://example.com/?id= -s -l /var/auth.log
python liffy.py http://example.com/?id= -a -l /var/apache2/access.log
By default the following location is used:
/var/log/auth.log/var/log/apache2/access.logCredits:
The Windows Registry Editor lets you easily view and control critical Windows system and application…
In the rapidly expanding Internet of Things (IoT) ecosystem, billions of devices are constantly exchanging…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…