Local file inclusion exploitation tool
-
Updated
May 19, 2026 - Python
#
lfi-exploitation
Here are 52 public repositories matching this topic...
Local File Inclusion discovery and exploitation tool
python3 web-application penetration-testing pentesting exploitation lfi rfi command-injection remote-file-inclusion remote-code-execution lfi-exploitation local-file-inclusion
-
Updated
Dec 31, 2024 - Python
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
security penetration-testing rce pentesting exploitation information-leak vulnerability-detection takeover vulnerability-scanners vulnerability-assessment lfi directory-traversal websecurity pentest-tool websec lfi-exploitation local-file-inclusion path-traversal lfi-shells filter-evasion
-
Updated
Sep 25, 2021 - Python
Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.
python scanner hacking waf command-line-tool bypass sqlmap exploitation-framework xss-detection sql-scanner sqlinjection command-injection lfi-exploitation ssti open-redirect-detection sqli-scanner command-injection-scanner waymap trixsec website-hacking-tool
-
Updated
Feb 19, 2026 - Python
LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.
python crawler hacking cybersecurity enumeration penetration-testing fuzzing pentesting bugbounty exploitation lfi web-hacking pentest-tool webhacking lfi-exploitation lfi-vulnerability penetration-testing-tools lfi-detection
-
Updated
Dec 16, 2024 - Python
POC - CVE-2024–10914- Command Injection Vulnerability in `name` parameter for D-Link NAS
-
Updated
Nov 27, 2024 - PowerShell
Web Vulnerability Detector (XSS,SQL,LFI,XST,WAF)
python xss-vulnerability pentesting sqli-vulnerability-scanner xss-exploitation xss-detection xss-attacks lfi xst sqlinjection lfi-exploitation waf-detection sqli-pentester webpwn
-
Updated
Dec 8, 2020 - Python
LFI (Local File Inclusion) Exploitation Tool
-
Updated
Jan 4, 2021 - Python
A simple Script which tests for LFI (Local File Inclusion) via Curl
-
Updated
Mar 11, 2019 - Shell
🦖 PTScanner is a powerful tool for detecting Path Traversal and Local File Inclusion (LFI) vulnerabilities. developed as part of the ApachSAL project, it has been fully ported to Node.js, featuring significant enhancements and extended capabilities for modern penetration testing workflows.
vulnerability-detection directory-traversal lfi-exploitation lfi-detection path-traversal-exploitation ptscanner
-
Updated
Jul 24, 2025 - JavaScript
A small and fast bash script to automate LFI vulnerability.
-
Updated
Nov 21, 2022 - Shell
This repository is a Dockerized php application containing a LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).
owasp rce application-security lfi owasp-top-10 command-injection lfi-labs lfi-exploitation local-file-inclusion lfi-vulnerability os-command-injection remote-command-execution lfi-detection lfi-rce lfi-exploit lfi-to-rce lfi-to-shell lfi-scenario lfi-challenge
-
Updated
Jun 16, 2022 - PHP
LFI Exploitation Tool
-
Updated
Mar 26, 2017 - Python
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
wordpress-plugin lfi elementor-page-builder lfi-exploitation cve-2024-9935 unauthenticated-arbitrary-file-download
-
Updated
Dec 19, 2024 - Shell
CVE-2024-50623 POC - Cleo Unrestricted file upload and download
-
Updated
Dec 23, 2024 - Shell
For Web Security
-
Updated
Jul 7, 2022 - JavaScript
LFI2Keys automates the process of extracting user accounts from /etc/passwd and attempts to locate private SSH keys through LFI
-
Updated
Oct 13, 2025 - Python
From your first shell to your first ROP chain. A complete exploitation reference — buffer overflows, SQLi, RCE, LFI, SSRF, deserialization, shells, evasion, and everything in between. Whether you just learned what a shell is or you are writing your own exploits — start here.
shell debugging reverse-shell exploit deserialization rce sql-injection ctf ssrf buffer-overflow rfi ctf-tools av-evasion bind-shell lfi-exploitation waf-bypass ssrf-payload
-
Updated
Mar 30, 2026
LFI Finder
-
Updated
Apr 2, 2024 - Java
Takes input wordlist in native path format to generate encoding evasion, path traversals, and null byte injections
-
Updated
Sep 12, 2023 - Python
Improve this page
Add a description, image, and links to the lfi-exploitation topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the lfi-exploitation topic, visit your repo's landing page and select "manage topics."