Skip to content
/ LinuxPoisonableLogFinder Public

Security Testing Tool to identify whether a list of common log files, which may be used for log poisoning, can be accessed from an known local file inclusion vulnerability.

6 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

B2dfir/LinuxPoisonableLogFinder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
PoisonableLogFinder.py
PoisonableLogFinder.py
 
 
README.md
README.md
 
 

Repository files navigation

LinuxPoisonableLogFinder

Security testing tool to identify whether a list of common log files, which may be used for log poisoning, can be accessed from an known local file inclusion vulnerability.

You must identify a LFI vulnerability first, as well as the complete path that provides access to the root directory.

Usage: PoisonableLogFinder.py "root LFI URI" "optional terminator"

E.g. PoisonableLogFinder.py "hxxp://192.168.1.10/vuln/index.php?path=../../../../../../" "%00"

Change Log

26 Sep 2017 - V1.1

Updated to take an optional termination string parameter (such as %00), and added two log file locations: var/log/httpd-access.log var/log/httpd-error.log

24 Aug 2017 - V1.0

Initial release

About

Security Testing Tool to identify whether a list of common log files, which may be used for log poisoning, can be accessed from an known local file inclusion vulnerability.

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages