Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in python which gathers websites potentially vulnerable to local file inclusion & makes a file named as targets.txt for future reference or manual exploitation. This script later uses the targets.txt file & start fuzzing the endpoint to check whether the website is actually vulnerable or not.
Long story short
: Run this script to get a list of websites along with the vulnerable endpoints.
- Searches for potentially vulnerable websites
- Performs directory fuzzing at the vulnerable endpoints
- Comes with built in searching algorithm
- Requires an API key for more results
Python Installed
version > 3.0
git clone https://github.com/anukulpandey/LFI-Hunter
cd LFI-Hunter
pip install requirements.txt
python3 lfi-hunter.py