A tool to encode URLs for LFI vulnerability.
Project description
# LFI URL Encoding
A tool to encode URLs for LFI vulnerability.
**Note**: this tool does not intend to encode all ASCII or UTF-8 characters but only those which are usefull for LFI testing.
## Requirements
This software was designed for Python 3, it mays work under Python 2.
This software was tested with Python 3.4.1 and 3.5.2.
This software uses those python libraries:
- [argparse](https://docs.python.org/3/library/argparse.html)
## Usage
```
usage: LFI-encoding.py [-h] (-s <string> | -d <string>) [-a] [-n]
LFI-encoding - Encoding url for LFI
optional arguments:
-h, --help show this help message and exit
-s <string>, --simple <string>
Simple encoding
-d <string>, --double <string>
Double encoding
-a, --advanced Advanced encoding ('&', '+', '=')
-n, --null_byte Append a null byte
```
## Examples
Simple encoding:
```
./LFI-encoding.py -s ../../../../etc/passwd
%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd
```
Double encoding:
```
./LFI-encoding.py -d ../../../../etc/passwd
%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252Fpasswd
```
Null byte:
```
./LFI-encoding.py -s ../../etc/passwd -n
%2E%2E%2F%2E%2E%2Fetc%2Fpasswd%00
```
Advanced encoding vs normal:
```
./LFI-encoding.py -s 'context=config&file=conf.inc.php~' -a
context%3Dconfig%26file%3Dconf%2Einc%2Ephp%7E
./LFI-encoding.py -s 'context=config&file=conf.inc.php~'
context=config&file=conf%2Einc%2Ephp~
```
## Install
- **Online**: run `pip install lfi_url_encoding`
- **Offline**:
+ Download [the archive](https://pypi.python.org/pypi?:action=display&name=lfi_url_encoding&version=1.0)
+ Unpack the archive
+ Go into the folder and run `python setup.py install`
A tool to encode URLs for LFI vulnerability.
**Note**: this tool does not intend to encode all ASCII or UTF-8 characters but only those which are usefull for LFI testing.
## Requirements
This software was designed for Python 3, it mays work under Python 2.
This software was tested with Python 3.4.1 and 3.5.2.
This software uses those python libraries:
- [argparse](https://docs.python.org/3/library/argparse.html)
## Usage
```
usage: LFI-encoding.py [-h] (-s <string> | -d <string>) [-a] [-n]
LFI-encoding - Encoding url for LFI
optional arguments:
-h, --help show this help message and exit
-s <string>, --simple <string>
Simple encoding
-d <string>, --double <string>
Double encoding
-a, --advanced Advanced encoding ('&', '+', '=')
-n, --null_byte Append a null byte
```
## Examples
Simple encoding:
```
./LFI-encoding.py -s ../../../../etc/passwd
%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd
```
Double encoding:
```
./LFI-encoding.py -d ../../../../etc/passwd
%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252Fpasswd
```
Null byte:
```
./LFI-encoding.py -s ../../etc/passwd -n
%2E%2E%2F%2E%2E%2Fetc%2Fpasswd%00
```
Advanced encoding vs normal:
```
./LFI-encoding.py -s 'context=config&file=conf.inc.php~' -a
context%3Dconfig%26file%3Dconf%2Einc%2Ephp%7E
./LFI-encoding.py -s 'context=config&file=conf.inc.php~'
context=config&file=conf%2Einc%2Ephp~
```
## Install
- **Online**: run `pip install lfi_url_encoding`
- **Offline**:
+ Download [the archive](https://pypi.python.org/pypi?:action=display&name=lfi_url_encoding&version=1.0)
+ Unpack the archive
+ Go into the folder and run `python setup.py install`
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
lfi_url_encoding-1.0.1.tar.gz
(15.6 kB
view details)
File details
Details for the file lfi_url_encoding-1.0.1.tar.gz.
File metadata
- Download URL: lfi_url_encoding-1.0.1.tar.gz
- Upload date:
- Size: 15.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | df671c0b82648dd46a37f6380fe2950248fce0ea1939cccf3d3c4f5e7db7eae5 |
|
| MD5 | a8b3b6310d035f913b697ff97eff7726 |
|
| BLAKE2b-256 | b0e261a2bd38f0732840f224fe9ca0e06c2787aabb47c82ef016691a1d01ab1c |
