.\" Generated by kramdown-man 1.0.1
.\" https://github.com/postmodern/kramdown-man#readme
.TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
.SH NAME
.PP
ronin\-vulns\-lfi \- Scans URL(s) for Local File Inclusion (LFI) vulnerabilities
.SH SYNOPSIS
.PP
\fBronin\-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
.SH DESCRIPTION
.PP
Scans URL(s) for Local File Inclusion (LFI) vulnerabilities\. The URLs to scan can be given as additional arguments or read from a file using the \fB\-\-input\fR option\.
.SH ARGUMENTS
.TP
\fIURL\fP
A URL to scan\.
.SH OPTIONS
.TP
\fB\-\-db\fR \fINAME\fP
The database name to connect to\. Defaults to \fBdefault\fR if not given\.
.TP
\fB\-\-db\-uri\fR \fIURI\fP
The database URI to connect to (ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
.TP
\fB\-\-db\-file\fR \fIPATH\fP
The sqlite3 database file to use\.
.TP
\fB\-\-import\fR
Imports discovered vulnerabilities into the database\.
.TP
\fB\-\-first\fR
Only find the first vulnerability for each URL\.
.TP
\fB\-A\fR, \fB\-\-all\fR
Find all vulnerabilities for each URL\.
.TP
\fB\-\-print\-curl\fR
Also prints an example \fBcurl\fR command for each vulnerability\.
.TP
\fB\-\-print\-http\fR
Also prints an example HTTP request for each vulnerability\.
.TP
\fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
Sets the HTTP request method to use\.
.TP
\fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
.TP
\fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
Sets the \fBUser\-Agent\fR header string\.
.TP
\fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
Sets the \fBUser\-Agent\fR header\.
.TP
\fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
Sets the raw \fBCookie\fR header\.
.TP
\fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
.TP
\fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
Sets the \fBReferer\fR header\.
.TP
\fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
.TP
\fB\-\-test\-query\-param\fR \fINAME\fP
Tests the URL query param name\.
.TP
\fB\-\-test\-all\-query\-params\fR
Test all URL query param names\.
.TP
\fB\-\-test\-header\-name\fR \fINAME\fP
Tests the HTTP Header name\.
.TP
\fB\-\-test\-cookie\-param\fR \fINAME\fP
Tests the HTTP Cookie name\.
.TP
\fB\-\-test\-all\-cookie\-params\fR
Test all Cookie param names\.
.TP
\fB\-\-test\-form\-param\fR \fINAME\fP
Tests the form param name\.
.TP
\fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
Reads URLs from the given \fIFILE\fP\.
.TP
\fB\-O\fR, \fB\-\-os\fR \fBunix\fR\[or]\fBwindows\fR
Sets the OS to test for\.
.TP
\fB\-D\fR, \fB\-\-depth\fR \fICOUNT\fP
Sets the directory depth to escape up\.
.TP
\fB\-B\fR, \fB\-\-filter\-bypass\fR \fBnull\[ru]byte\fR\[or]\fBdouble\[ru]escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
Sets the filter bypass strategy to use\.
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help information\.
.SH AUTHOR
.PP
Postmodern
.MT postmodern\.mod3\[at]gmail\.com
.ME
.SH SEE ALSO
.PP
.BR ronin\-vulns\-rfi (1)
.BR ronin\-vulns\-scan (1)