[Panoptic] Automates the process of search and retrieval of content for common log and config files through LFI vulnerability

Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability. Official introductionary post can be found here. Also, you can find a sample run here.

Help Menu

Usage: panoptic.py --url TARGET [options]

Options:
-h/--help show this help message and exit
-v/--verbose display extra output information
-u/--url=URL set target URL
-p/--param=PARAM set parameter name to test for (e.g. "page")
-d/--data=DATA set data for HTTP POST request (e.g. "page=default")
-t/--type=TYPE set type of file to look for ("conf" or "log")
-o/--os=OS set filter name for OS (e.g. "*NIX")
-s/--software=SOFT.. set filter name for software (e.g. "PHP")
-c/--category=CATE.. set filter name for category (e.g. "FTP")
-l/--list=GROUP list available filters for group (e.g. "software")
-a/--auto avoid user interaction by using default options
-w/--write-files write content of retrieved files to output folder
-x/--skip-parsing skip special tests if *NIX passwd file is found
--ignore-proxy ignore system default HTTP proxy
--proxy=PROXY set proxy (e.g. "socks5://192.168.5.92")
--user-agent=UA set HTTP User-Agent header value
--random-agent choose random HTTP User-Agent header value
--cookie=COOKIE set HTTP Cookie header value (e.g. "sid=foobar")
--header=HEADER set a custom HTTP header (e.g. "Max-Forwards=10")
--prefix=PREFIX set prefix for file path (e.g. "../")
--postfix=POSTFIX set postfix for file path (e.g. "")
--multiplier=MULTI.. set multiplication number for prefix (e.g. 10)
--bad-string=STRING set a string occurring when file is not found
--replace-slash=RE.. set replacement for char / in paths (e.g. "/././")
--update update Panoptic from official repository

Examples

./panoptic.py --url "http://localhost/lfi.php?file=test.txt"
./panoptic.py --url "http://localhost/lfi.php?file=test.txt&id=1" --param file
./panoptic.py --url "http://localhost/lfi.php" --data "file=test.txt&id=1" --param file

./panoptic.py --list software
./panoptic.py --list category
./panoptic.py --list os

./panoptic.py -u "http://localhost/lfi.php?file=test.txt" --os Windows
./panoptic.py -u "http://localhost/lfi.php?file=test.txt" --software WAMP

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s