Joomla Mass LFI Scanner (70+ Exploit)


Joomla Mass LFI Scanner (Auto Download Configuration.php And Try Connect DB) (70+ Exploit)

Joomla Mass LFI Scanner is a multi-threaded, automated tool for hunting Local File Inclusion (LFI) vulnerabilities on Joomla-powered sites.
It uses 70+ public LFI vectors (paths hidden in this public version), attempts to auto-download the legendary configuration.php, extracts credentials, and even tries to connect to the remote MySQL DB if found.
Fast, loud, and pure hacker energy.

🔥 Features

  • Ultra-fast mass scan (threaded, suitable for 1000+ sites)
  • 70+ LFI vectors (pool hidden for sharing — use your own for max pwnage)
  • Auto parses Joomla config.php and extracts DB, FTP, secret, etc.
  • Attempts remote MySQL connect with found creds
  • Logs both all results and only vulnerable sites separately
  • Clean console & file output — easy for parsing or automation
  • Hacker-themed banners & warnings everywhere

đź§° Requirements

  • Python 3.8+ (tested on Python 3.8/3.9/3.10/3.11)
  • Install dependencies with: pip install requests pymysql urllib3

Optional (for max speed): Linux or Unix environment, fast connection, large site lists.
đź’€ Always hack responsibly!

🛠️ Usage

python3 joomscan.py lfi sites.txt
python3 joomscan.py lfi http://target-joomla-site.com

  • sites.txt = list of target sites (one per line)
  • Or scan a single site directly

📝 Output Example

http://site.com | Joomla LFI Multi-Path | lfi | VULNERABLE | http://site.com/index.php?... | db_user:root|db_pass:hackme|db_host:127.0.0.1|db_name:joomla_db|REMOTEDB:YES

  • All results → results_joomla.txt
  • Only vulnerable sites → success_joomla.txt

Other Shells

Joomla Admin Login Backdoor Shell
Joomla Admin Helper Backdoor is a 100% stealth single-file PHP admin &…
Invisio Bypass Backdoor Shell v2.0
A cutting-edge PHP shell for redteamers, pentesters, and security researchers – bypassing…
Vinzz Webshell
Vinzz WebShell is a well-known example of a web-based command interface often…
Privdayz Special WordPress Backdoor Shell
Privdayz Special WordPress Backdoor Shell is a highly specialized tool designed for…
Priv Litespeed/Nginx Bypass 2025 Shell
Priv Litespeed/Nginx Bypass 2025 Shell
WAF Bypass PHP Javascript Upload Shell
WAF Bypass PHP Upload Shell Javascript edition. 0day by privdayz.com.
Devilz Shell Aspx
Devilz Shell ASPX is the new standard in priv8 web shells for…
Upload Shell
You can download PHP Upload shell with privdayz.com Access to shell: upload.php?privdayz…
Wso Shell
Wso shell is on the most common sheller list, it is one…
IndoXploit Shell v3
IndoXploit webshell V.3 is a PHP based webshell or indirect access with…