LFI Exploitation tool
A little python tool to perform Local file inclusion.
Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time.
Main feature
- data:// for code execution
- expect:// for code execution
- input:// for code execution
- filter:// for arbitrary file reads
- /proc/self/environ for code execution in CGI mode
- Apache access.log poisoning
- Linux auth.log SSH poisoning
- Direct payload delivery with no stager
- Support for absolute and relative path traversal
- Support for cookies for authentication
Documentation
Contribution
- Suggest a feature
- Like any other technique to exploit LFI
- Report a bug
- Fix something and open a pull request
Credits
All the exploitation techniques are taken from liffy
Logo for this project is taken from renderforest
Support
If you'd like you can buy me some coffee: