Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI
A script written in python which gathers websites potentially vulnerable to local file inclusion & makes a file named as targets.txt for future reference or manual exploitation. This script later uses the targets.txt file & start fuzzing the endpoint to check whether the website is actually vulnerable or not.

Long story short : Run this script to get a list of websites along with the vulnerable endpoints.


  • Searches for potentially vulnerable websites
  • Performs directory fuzzing at the vulnerable endpoints
  • Comes with built in searching algorithm
  • Requires an API key for more results


Loading Screen Banner:
App Screenshot

Script while it is running:
App Screenshot

Pre Requisites

Python Installed

version > 3.0


git clone https://github.com/anukulpandey/LFI-Hunter
cd LFI-Hunter
pip install requirements.txt

Run locally

python3 lfi-hunter.py



View Github