• Stars
    star
    766
  • Rank 59,308 (Top 2 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Local file inclusion exploitation tool

GitSpo Mentions License: GPL v3 Maintenance Rawsec's CyberSecurity Inventory

Packaging status


liffy

LFI Exploitation tool

liffy in action

liffy Wiki • Usage • Installation •

A little python tool to perform Local file inclusion.

Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time.

Main feature

  • data:// for code execution
  • expect:// for code execution
  • input:// for code execution
  • filter:// for arbitrary file reads
  • /proc/self/environ for code execution in CGI mode
  • Apache access.log poisoning
  • Linux auth.log SSH poisoning
  • Direct payload delivery with no stager
  • Support for absolute and relative path traversal
  • Support for cookies for authentication

Documentation

Contribution

  • Suggest a feature

    • Like any other technique to exploit LFI
  • Report a bug

  • Fix something and open a pull request

In any case feel free to open an issue

Credits

All the exploitation techniques are taken from liffy

Logo for this project is taken from renderforest

Support

If you'd like you can buy me some coffee:

Buy Me A Coffee

More Repositories

1

gtfo

Search gtfobins and lolbas files from your terminal
Python
455
star
2

slicer

A tool to automate the boring process of APK recon
Python
337
star
3

rsh

generate reverse shell from CLI for linux and Windows.
Python
246
star
4

ctf-writeups

Writeups of Capture The Flag Competitions
Python
122
star
5

vulnhub-writeups

Writeups for Vulnhub's boot2root machines that I've done
SCSS
84
star
6

go-gtfo

gtfo, now with the speed of golang
Go
60
star
7

HackTheBox-writeups

Writeups for all the HTB machines I have done
Shell
58
star
8

takeover

A tool for testing subdomain takeover possibilities at a mass scale.
Go
46
star
9

notes

A miscellany of thoughts.
42
star
10

GSoC-Data

GSoC Data from 2005 to 2018 in JSON format.
Python
35
star
11

lswriteups

CLI tool to get the links of original writeups from ctftime.org
Python
32
star
12

jrnl-web

A web based frontend for jrnl: https://github.com/maebert/jrnl
Python
12
star
13

LiTour

Lichess + Tournaments = LiTour
Python
7
star
14

pgn2gif

Create GIFs from PGNs
Python
6
star
15

GitHub.html

Generate an overview of everything a GitHub user has done.
HTML
4
star
16

mzfr.github.io

My blog
CSS
3
star
17

99Problems

My solution for 99Problems in OCaml
OCaml
2
star
18

Competitive-coding

Some Competitive programming problems that I solved in my Final year.
Python
2
star
19

picoCTF-Data

Jupyter Notebook
1
star
20

Python-Scripts

Some scripts I've written in Python
Python
1
star
21

resume

My LaTeX based resume
TeX
1
star
22

Libot

Lichess + Bot = Libot
Python
1
star
23

cryptopals

My solutions for cryptopals challenges
Python
1
star
24

Latex-templates

Just some random latex template that I had to use over the years.
TeX
1
star
25

year-in-review

Analysis of all my chess games
Jupyter Notebook
1
star