This repository is a Dockerized php application containing a LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).

LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50

LFI Finder

ScanShield is an advanced vulnerability scanner built to identify common web security flaws such as SQL Injection, XSS, LFI, RFI, directory listing issues, and security header misconfigurations.

Sonatype Nexus Repository Manager 3 (LFI)

LFI Exploitation tool

LfiDump is a Python-based Local File Inclusion (LFI) vulnerability scanner that helps security professionals detect potential LFI vulnerabilities in web applications

This script is used for taking advantage of a Local File Inclusion in the Wordpress site editor plugin version 1.1.1, it's made in bash

LFI Scanner (Nuclei + Python Runner) A scalable Local File Inclusion (LFI) scanning framework combining Nuclei’s detection accuracy with a Python-based CLI runner for real-time progress, payload timing, and clean hit logging. Designed and tuned specifically for Apache + mod_security environments, this setup supports thousands of external Payloads

This script is used for taking advantage of a Local File Inclusion in the Wordpress mail masta plugin version 1.0, it's made in bash

LFI Fuzzer automates the detection of Local File Inclusion (LFI) vulnerabilities in web apps by appending common file paths to a target URL, supporting custom paths, traversal, and multithreading.