filter-shell

filter-shell

6 Stars New

Interactive CLI tool for exploiting LFI via PHP filter chaining — a wrapper around Synacktiv’s php_filter_chain_generator.

tuckerweibell
Web-security
Jun 01, 2025
6 stars
View on GitHub
Share on:
X LinkedIn Facebook WhatsApp Telegram Reddit Email
Category
Web-security
GitHub Stars
6
Project Added On
Jun 01, 2025
Contributors
1

README.md

View on GitHub

Filter Shell

Filter Shell is a wrapper CLI tool built on top of php_filter_chain_generator by Synacktiv. It exploits Local File Inclusion (LFI) vulnerabilities via PHP filter chaining to execute commands remotely without requiring file uploads. See LFI2RCE via PHP Filters.

Filter Shell

Features

  • Interactive shell interface for command execution through LFI vulnerabilities
  • Supports command checking with URL length estimation
  • Supports raw filter chain payload generation
  • Basic remote OS detection (Linux/Windows)
  • Basic help and usability commands

Prerequisites

  • Ruby (tested on Ruby 2.7+)
  • Python 3
  • Command-line tools: curl, git, grep, xargs (usually pre-installed on Linux/macOS)
  • Internet connection for cloning the dependency repository

Installation

  1. Clone or download this repository:
git clone https://github.com/yourusername/filter-shell.git
cd filter-shell

Usage

ruby filter_shell.rb 'http://TARGET:PORT/PATH?PARAM='

Tool Information

Author

tuckerweibell

Project Added On

June 01, 2025

License

Open Source

Tags

security tool
View on GitHub

Related Tools

archerysec

archerysec

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

Stable
Advanced-SQL-Injection-Cheatsheet

Advanced-SQL-Injection-Cheatsheet

A cheat sheet that contains advanced queries for SQL Injection of all types.

Stable
View more Web-security tools