This repository is a Dockerized php application containing a LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).

LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50

LFI Finder

Sonatype Nexus Repository Manager 3 (LFI)

LFI Exploitation tool

LFI Scanner (Nuclei + Python Runner) A scalable Local File Inclusion (LFI) scanning framework combining Nuclei’s detection accuracy with a Python-based CLI runner for real-time progress, payload timing, and clean hit logging. Designed and tuned specifically for Apache + mod_security environments, this setup supports thousands of external Payloads

LfiDump is a Python-based Local File Inclusion (LFI) vulnerability scanner that helps security professionals detect potential LFI vulnerabilities in web applications

This script is used for taking advantage of a Local File Inclusion in the Wordpress mail masta plugin version 1.0, it's made in bash

This script is used for taking advantage of a Local File Inclusion in the Wordpress site editor plugin version 1.1.1, it's made in bash

LFI Striker Updated (2026) is the premier utility for advanced file inclusion testing. Experience high-speed vulnerability scanning and fully optimized tools for elite web security and penetration audits.

📂 Grafana LFI Exploit (CVE-2021-43798). Extracción automatizada de credenciales y configuración. 🕵️

LFI Fuzzer automates the detection of Local File Inclusion (LFI) vulnerabilities in web apps by appending common file paths to a target URL, supporting custom paths, traversal, and multithreading.