Kadimus on offsec.tools


Check for and exploit LFI vulnerabilities with a focus on PHP systems.

- Check all url parameters
- /var/log/auth.log RCE
- /proc/self/environ RCE
- php://input RCE
- data://text RCE
- expect://cmd RCE
- Source code disclosure
- Command shell interface through HTTP request
- Proxy support (socks4://, socks4a://, socks5:// ,socks5h:// and http://)
- Proxy socks5 support for remote connections