Skip to content
/ filter-shell Public

Interactive CLI tool for exploiting LFI via PHP filter chaining — a wrapper around Synacktiv’s php_filter_chain_generator.

License

MIT license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tuckerweibell/filter-shell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
filter-shell.gif
filter-shell.gif
 
 
filter_shell.rb
filter_shell.rb
 
 

Repository files navigation

Filter Shell

Filter Shell is a wrapper CLI tool built on top of php_filter_chain_generator by Synacktiv. It exploits Local File Inclusion (LFI) vulnerabilities via PHP filter chaining to execute commands remotely without requiring file uploads. See LFI2RCE via PHP Filters.

Filter Shell

Features

  • Interactive shell interface for command execution through LFI vulnerabilities
  • Supports command checking with URL length estimation
  • Supports raw filter chain payload generation
  • Basic remote OS detection (Linux/Windows)
  • Basic help and usability commands

Prerequisites

  • Ruby (tested on Ruby 2.7+)
  • Python 3
  • Command-line tools: curl, git, grep, xargs (usually pre-installed on Linux/macOS)
  • Internet connection for cloning the dependency repository

Installation

  1. Clone or download this repository:
git clone https://github.com/yourusername/filter-shell.git
cd filter-shell

Usage

ruby filter_shell.rb 'http://TARGET:PORT/PATH?PARAM='

About

Interactive CLI tool for exploiting LFI via PHP filter chaining — a wrapper around Synacktiv’s php_filter_chain_generator.

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages