A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
[New Features]
konsole
in the RCE attackcore/config.py
[Improvements]
/etc/passwd
REGEX matching optional (controlled in config.py
)[Bug Fixes]
bash
as default shellsshpass
)[Improvements]
php://input
[Bug Fixes]
php://input
regression introduced in 3.2.3[Bug Fixes]
/etc/passwd
to etc/passwd
[Improvements]
/etc/passwd
as file (REGEX)[Bug Fixes]
[Bug Fixes]
[New Features]
-a 5
, crawler moved to -a A
)[Bug Fixes]
[Improvements]
-c
is handled
[New Features]
--lfi
[Improvements + Usage Changes]
--lists FILEDICT DIRDICT
and --listen IP PORT
together in 1 argument: -p2 TP P1 P2, --phase2 TP P1 P2
-p2 leak FILEDICT DIRDICT
to leak files-p2 rce IP PORT
to use the RCE module[Bug Fixes]
-a 2
) by introducing another check-c
and improved how this cookie is transferred to Arjun by the crawler--notmain
. Developers using Vailyn in their tools can add this argument if affected.[Improvements]
[Bug Fixes]
--nosploit
and no results have been found-a 2
) by introducing another check-c
and improved how this cookie is transferred to Arjun by the crawler[Improvements]
--lfi