Skills
.Work. You
Rest

lfi

Official

Exploit file inclusion vulnerabilities.

Software Engineering#code execution#lfi#rfi#path traversal#file inclusion#php wrappers
Authorblacklanternsecurity
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps penetration testers identify and exploit Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities to access sensitive files and potentially achieve code execution.

Core Features & Use Cases

  • LFI/RFI Identification: Detects and attempts to exploit file inclusion flaws.
  • Traversal & Bypass: Handles various path traversal techniques and bypasses for common filters.
  • PHP Wrapper Exploitation: Leverages php://filter, data://, and php://input for code execution and source code extraction.
  • Log Poisoning & Session Exploitation: Utilizes log files and session data for LFI to RCE.
  • Use Case: When a web application parameter is found to be vulnerable to LFI, this Skill can be used to read sensitive configuration files like /etc/passwd or even achieve remote code execution by poisoning log files.

Quick Start

Use the lfi skill to attempt to read the file /etc/passwd from the target URL.

Dependency Matrix

Required Modules

None required

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: lfi
Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#lfi

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.