
Added new module lfi_detector #1563

Merged (13 commits), Mar 5, 2025

Conversation

dr4g0n369
Contributor

Resolves #247

Description

Implements a new module lfi_detector

Progress

  • Using get_links_and_resources_on_same_domain to get links from the given URL
  • Detecting LFI using the same mechanism as given in LFI-FINDER
    • Define some common parameters vulnerable to LFI (e.g. file, page, load)
    • Give the payloads as inputs to these parameters in the different URLs obtained from the first step -> http://{url}?file={payload1}&page={payload1}&load={payload1}
    • Check if any data from some common files is present (like root:x from /etc/passwd)

I am using sql_injection_detector.py as a reference for making this

Please let me know what changes are needed.
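The detection flow described above (fill the candidate parameters, then look for content of a known file in the response), as an added example that is not the module's own code. The parameter names come from the description; the payload is a placeholder, the regexes are my own, and the response bodies are constructed samples:

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Candidate parameter names taken from the PR description (hypothetical module constant).
COMMON_PARAMS = ("file", "page", "load")

# A full passwd record: name:passwd:uid:gid:gecos:home:shell, with home and shell
# as absolute paths. A bare "root:x" mention in page text does not satisfy this.
PASSWD_RECORD = re.compile(
    r"(?m)(?:^|(?<=[>\s]))[a-z_][a-z0-9_-]*:[^:\s]*:\d+:\d+:[^:\n]*:/[^:\s<]*:/[^:\s<]*"
)
# Section headers characteristic of classic Windows ini files (win.ini, boot.ini).
WIN_INI_SECTION = re.compile(
    r"(?im)(?:^|(?<=[>\s]))\[(fonts|extensions|mci extensions|boot loader|operating systems)\]"
)


def build_probe_url(url: str, payload: str, params=COMMON_PARAMS) -> str:
    """Set every candidate parameter to the same payload, keeping the URL's existing query."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    for name in params:
        query[name] = payload
    return urlunsplit(parts._replace(query=urlencode(query)))


def classify_response(body: str):
    """Return the indicator that fired ('etc_passwd' or 'windows_ini'), or None."""
    if PASSWD_RECORD.search(body):
        return "etc_passwd"
    if WIN_INI_SECTION.search(body):
        return "windows_ini"
    return None


# Constructed sample responses (not captured from any real host).
CONSTRUCTED_LEAK = "<pre>root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin</pre>"
CONSTRUCTED_BENIGN = "<p>Our FAQ explains the root:x notation used in passwd files.</p>"
CONSTRUCTED_INI = "; for 16-bit app support\r\n[fonts]\r\n[extensions]\r\n[mci extensions]\r\n"

if __name__ == "__main__":
    print(build_probe_url("http://example.test/view?id=7", "PAYLOAD"))
    for name, body in [("leak", CONSTRUCTED_LEAK), ("benign", CONSTRUCTED_BENIGN), ("ini", CONSTRUCTED_INI)]:
        print(name, "->", classify_response(body))
```

The benign sample shows why the check requires a whole passwd record rather than the substring root:x alone.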

@kazet
Member

kazet commented Mar 2, 2025

Thanks for the PR - I have added some minor comments but overall the pull request is very good!

@dr4g0n369
Contributor Author

Thanks for the review, I will start working on the changes

@dr4g0n369
Contributor Author

I have implemented the changes. Please let me know if anything else is needed.

@dr4g0n369
Contributor Author

I have changed the wordlist. Please see if it's all good now.

/etc/hostname.ce3
/etc/hostname.dcelx0
/etc/hostname.dcelx1
/etc/hostname.dcelx2
Member

@kazet kazet Mar 4, 2025


I think we may remove the files we can't automatically detect, such as /etc/hostname, to make the scanning faster

Of course it's only about increasing the speed, so if you remove most of them, not all, it'll be fine

Member


BTW, is it possible to find a shorter payload list, e.g. <100? IMO 1000 * number of parameters to test is quite a big number of requests

Contributor Author


True, that many payloads would put an unnecessary load on the target. I will modify the wordlist to remove the redundant payloads.

@dr4g0n369
Contributor Author

dr4g0n369 commented Mar 4, 2025

I have decreased the wordlist size to 177 payloads. Since our aim is just to detect LFI (and not look for sensitive files), I think it's sufficient to just verify it using the /etc/passwd file. Thus, I have removed the indicator for PHP and only left indicators for /etc/passwd and the Windows .ini file.

This should hopefully not put a lot of burden on a target that we scan.

@kazet kazet merged commit 396227a into CERT-Polska:main Mar 5, 2025
4 checks passed
@kazet
Member

kazet commented Mar 5, 2025

Thanks again for your contribution ❤️

Successfully merging this pull request may close these issues.

Replace LFI check with an existing tool