Kadimus – LFI Scanner & Exploitation Tool

  -h, --help                    Display this help menu

  Request:
    -B, --cookie STRING         Set custom HTTP Cookie header
    -A, --user-agent STRING     User-Agent to send to server
    --connect-timeout SECONDS   Maximum time allowed for connection
    --retry-times NUMBER        number of times to retry if connection fails
    --proxy STRING              Proxy to connect, syntax: protocol://hostname:port

  Scanner:
    -u, --url STRING            Single URI to scan
    -U, --url-list FILE         File contains URIs to scan
    -o, --output FILE           File to save output results
    --threads NUMBER            Number of threads (2..1000)

  Explotation:
    -t, --target STRING         Vulnerable Target to exploit
    --injec-at STRING           Parameter name to inject exploit
                                (only need with RCE data and source disclosure)

  RCE:
    -X, --rce-technique=TECH    LFI to RCE technique to use
    -C, --code STRING           Custom PHP code to execute, with php brackets
    -c, --cmd STRING            Execute system command on vulnerable target system
    -s, --shell                 Simple command shell interface through HTTP Request

    -r, --reverse-shell         Try spawn a reverse shell connection.
    -l, --listen NUMBER         port to listen

    -b, --bind-shell            Try connect to a bind-shell
    -i, --connect-to STRING     Ip/Hostname to connect
    -p, --port NUMBER           Port number to connect
    --b-proxy STRING            IP/Hostname of socks5 proxy
    --b-port NUMBER             Port number of socks5 proxy

    --ssh-port NUMBER           Set the SSH Port to try inject command (Default: 22)
    --ssh-target STRING         Set the SSH Host

    RCE Available techniques

      environ                   Try run PHP Code using /proc/self/environ
      input                     Try run PHP Code using php://input
      auth                      Try run PHP Code using /var/log/auth.log
      data                      Try run PHP Code using data://text

    Source Disclosure:
      -G, --get-source          Try get the source files using filter://
      -f, --filename STRING     Set filename to grab source [REQUIRED]
      -O FILE                   Set output file (Default: stdout)
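
Each technique in the list above leaves a recognisable path or wrapper string in the request target, so web access logs can be checked for them. The following is an added example, not part of Kadimus or of the original page: a log classifier whose marker table is built from the strings in the help text (with php://filter assumed as the wrapper behind "filter://"), run over constructed log lines. The names MARKERS, classify and scan are hypothetical.

```python
import re
from urllib.parse import unquote

# Markers taken from the technique list in the help text; php://filter is
# assumed to be the PHP wrapper behind the "filter://" source-disclosure option.
MARKERS = {
    "environ": "/proc/self/environ",
    "input": "php://input",
    "auth": "/var/log/auth.log",
    "data": "data://text",
    "get-source": "php://filter",
}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markers still match."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return sorted technique names whose marker appears in the request target."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    # Lower-case and drop null bytes so trivial variations do not hide a marker.
    target = decode_fully(match.group(1)).lower().replace("\x00", "")
    return sorted(name for name, marker in MARKERS.items() if marker in target)

def scan(lines):
    """Return (line number, techniques) for every line with at least one hit."""
    hits = ((number, classify(line)) for number, line in enumerate(lines, 1))
    return [(number, found) for number, found in hits if found]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=../../../proc/self/environ HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "POST /index.php?page=php%3A%2F%2Finput HTTP/1.1" 200 40',
    '192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=php%253A%252F%252Ffilter%252Fresource%253Dindex HTTP/1.1" 200 77',
    '192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=data%3A%2F%2Ftext%2Fplain HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=..%2F..%2Fvar%2Flog%2Fauth.log%00 HTTP/1.1" 200 3100',
]
```

Access logs do not record POST bodies, so for the input technique only the wrapper name in the URL is visible; a body-inspecting WAF rule is needed to see the submitted code.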