Liffy – Local File Inclusion Exploitation Tool

February 25, 2020
liffy 6 Liffy logo

LFI Exploitation tool

liffy 7 liffy

A little python tool to perform Local file inclusion.
Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn’t seen any development for a long time.

Main feature

  • data:// for code execution
  • expect:// for code execution
  • input:// for code execution
  • filter:// for arbitrary file reads
  • /proc/self/environ for code execution in CGI mode
  • Apache access.log poisoning
  • Linux auth.log SSH poisoning
  • Direct payload delivery with no stager
  • Support for absolute and relative path traversal
  • Support for cookies for authentication

Documentation

  • Installation
  • Usage

Contribution

  • Suggest a feature
    • Like any other technique to exploit LFI
  • Report a bug
  • Fix something and open a pull request

In any case feel free to open an issue

Credits
All the exploitation techniques are taken from liffy
Logo for this project is taken from renderforest

Support
If you’d like you can buy me some coffee:

Download Liffy
Original Source
Tags: , , , ,

You may have missed

CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

April 20, 2024
CISA Logo

CISA: Joint Guidance on Deploying AI Systems Securely

April 20, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 20, 2024
CISA Logo

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

April 20, 2024
CISA Logo

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

April 20, 2024