This is a small tool to exploit a LFI (Local File Inclusion) web vulnerability. The tool provide a functional shell prompt. In the future, I will add some very useful extra options.
-
Legal: This tool is designed only for educational purposes and ethical hacking. Use it at your own responsibility. Damages or legal problems caused by the tool are the responsibility of the user.
-
License: This tool is subject under the following license:
Creative Commons Attribution-ShareAlike 3.0
More Info: Here
- Required Parameters:
-t, --type Specifies the type of action
-u, --url URL vulnerable to LFI (Local File Inclusion)
- List of types:
shell Exploit the vulnerability to get a shell
upload Upload a file to remote server
msfvenom Upload payload generated by msfvenom
- Optional Parameters:
-m, --method (=GET) It can be -> [GET|POST]
-n, --name (=php_1) Used to specify the corresponding attack
payload in "data.json"
-f, --file File to upload (Only "upload" or "msfvenom" types)
-a, --argvs Secondary parameters (Only "msfvenom" type)
-c, --cookies Session cookies
-x, --proxy Using a proxy -> [http://user:passwd@host:port]
-p, --path When it is necessary to make a directory traversal
-b, --null-byte Add Poison Null Byte (%00)
- Other Parameters:
-h, --help Display this message
This tool was created by: @codexlynx.
- Twitter: https://twitter.com/codexlynx
- GitHub: https://github.com/codexlynx
About the tool name:
In Spanish: https://es.wikipedia.org/wiki/Nayra