FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

FDsploit can be used to discover and exploit Local/Remote File Inclusion and directory traversal vulnerabilities automatically. If an LFI vulnerability is found, the --lfishell option can be used to exploit it. For now, 3 different types of LFI shells are supported: simple, expect, input.

Features:
- The LFI-shell interface provides only the output of the file read or the command issued, not the entire HTML code.
- 3 different types of LFI-shells can be specified.
- Both GET/POST requests are supported.
- Automatic detection of GET parameters.
- Certain parameters can be specified for testing using wildcards (*).
- Optional session cookies can be specified and used.
- Automatic check for RCE using PHP functions can be performed.
- A SHA-256 hash is additionally used to identify potential vulnerabilities.
- Base64/URL encoding support.