Joomla Mass LFI Scanner (70+ Exploit)


Joomla Mass LFI Scanner (Auto Download Configuration.php And Try Connect DB) (70+ Exploit)

Joomla Mass LFI Scanner is a multi-threaded, automated tool for hunting Local File Inclusion (LFI) vulnerabilities on Joomla-powered sites.
It uses 70+ public LFI vectors (paths hidden in this public version), attempts to auto-download the legendary configuration.php, extracts credentials, and even tries to connect to the remote MySQL DB if found.
Fast, loud, and pure hacker energy.

🔥 Features

  • Ultra-fast mass scan (threaded, suitable for 1000+ sites)
  • 70+ LFI vectors (pool hidden for sharing — use your own for max pwnage)
  • Auto parses Joomla config.php and extracts DB, FTP, secret, etc.
  • Attempts remote MySQL connect with found creds
  • Logs both all results and only vulnerable sites separately
  • Clean console & file output — easy for parsing or automation
  • Hacker-themed banners & warnings everywhere

đź§° Requirements

  • Python 3.8+ (tested on Python 3.8/3.9/3.10/3.11)
  • Install dependencies with: pip install requests pymysql urllib3

Optional (for max speed): Linux or Unix environment, fast connection, large site lists.
đź’€ Always hack responsibly!

🛠️ Usage

python3 joomscan.py lfi sites.txt
python3 joomscan.py lfi http://target-joomla-site.com

  • sites.txt = list of target sites (one per line)
  • Or scan a single site directly

📝 Output Example

http://site.com | Joomla LFI Multi-Path | lfi | VULNERABLE | http://site.com/index.php?... | db_user:root|db_pass:hackme|db_host:127.0.0.1|db_name:joomla_db|REMOTEDB:YES

  • All results → results_joomla.txt
  • Only vulnerable sites → success_joomla.txt

Other Shells

Back Hack Bypass Shell
Back|Hack Shell IV is an advanced, feature-rich PHP webshell and exploitation panel…
ASPX GIF Shell
ASPX Gif Shell for Telerik Download
Russian File Manager Shell
Bypass all servers with this file manager.
privdayz v1 shell (bypass, auto root linux/win, symlink, cgi, 40+ tool)
privdayz shell Stealth Bypass WAF Evasion Kernel/WinR00t Polymorphic Code Real-Time Terminal A…
AspRootkit 1.0 by BloodSword
Author: BloodSword Platform: Windows Server (IIS, ASP Classic), All Modern Windows OS…
Luma Mini Shell Bypass
Luma Mini Shell Bypass is a next-generation, ultra-compact (~22KB) PHP webshell crafted…
Invisio Backdoor Shell – Hidden Backdoor Bypass Shell 2025
Invisio Phantom Web Shell Stealth Mode WAF Bypass Undetectable Next-Gen Shell “Operate.…
Devilz Shell Aspx
Devilz Shell ASPX is the new standard in priv8 web shells for…
Vanta Shell (Bypass, Symlink, Auto Linux Root, Windows Root)
VANTA SH3LL is a stealth administration and forensics toolkit for professionals: minimal…
Yanz Webshell – Yanz Wso Priv8 Bypass Shell
They said no one could build the perfect shell. Then Yanz Webshell…