Joomla Mass LFI Scanner (70+ Exploit)
Joomla Mass LFI Scanner (Auto Download Configuration.php And Try Connect DB) (70+ Exploit)
Joomla Mass LFI Scanner is a multi-threaded, automated tool for hunting Local File Inclusion (LFI) vulnerabilities on Joomla-powered sites.
It uses 70+ public LFI vectors (paths hidden in this public version), attempts to auto-download the legendary configuration.php, extracts credentials, and even tries to connect to the remote MySQL DB if found.
Fast, loud, and pure hacker energy.
🔥 Features
- Ultra-fast mass scan (threaded, suitable for 1000+ sites)
- 70+ LFI vectors (pool hidden for sharing — use your own for max pwnage)
- Automatically parses Joomla's configuration.php and extracts DB, FTP, secret, etc.
- Attempts remote MySQL connect with found creds
- Logs both all results and only vulnerable sites separately
- Clean console & file output — easy for parsing or automation
- Hacker-themed banners & warnings everywhere
🧰 Requirements
- Python 3.8+ (tested on Python 3.8/3.9/3.10/3.11)
- Install dependencies with:
pip install requests pymysql urllib3
Optional (for max speed): Linux or Unix environment, fast connection, large site lists.
💀 Always hack responsibly!
🛠️ Usage
python3 joomscan.py lfi sites.txt
python3 joomscan.py lfi http://target-joomla-site.com
- sites.txt = list of target sites (one per line)
- Or scan a single site directly
📝 Output Example
http://site.com | Joomla LFI Multi-Path | lfi | VULNERABLE | http://site.com/index.php?... | db_user:root|db_pass:hackme|db_host:127.0.0.1|db_name:joomla_db|REMOTEDB:YES
- All results → results_joomla.txt
- Only vulnerable sites → success_joomla.txt
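
For defenders, the behaviour this README describes (a burst of inclusion attempts per site, each aimed at configuration.php) is visible in web server access logs. The following is an added example, not part of the tool or this repository: it triages combined-format access logs for such requests. The log lines are constructed, and `com_example` and the parameter names in them are placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")

# Constructed sample lines; com_example and the parameter names are placeholders.
TS = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {TS} "GET /index.php?option=com_example&view=..%2F..%2Fconfiguration.php HTTP/1.1" 404 512',
    f'203.0.113.7 - - {TS} "GET /index.php?option=com_example&file=%252e%252e%252fconfiguration.php HTTP/1.1" 404 512',
    f'203.0.113.7 - - {TS} "GET /index.php?option=com_example&tpl=../../configuration.php HTTP/1.1" 200 2048',
    f'198.51.100.4 - - {TS} "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9000',
    f'198.51.100.9 - - {TS} "GET /index.php?option=com_example&layout=..%2fconfiguration.php HTTP/1.1" 403 300',
]

def decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded traversal is still seen."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text.lower()

def is_config_inclusion(url):
    """True when the query string carries traversal or names configuration.php."""
    query = decode(url.partition("?")[2])
    return "configuration.php" in query or bool(TRAVERSAL_RE.search(query))

def triage(lines, burst=3):
    """Per client IP: inclusion attempts seen, and those answered with HTTP 200."""
    hits = defaultdict(lambda: {"attempts": 0, "served": []})
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_config_inclusion(m.group(2)):
            hits[m.group(1)]["attempts"] += 1
            if m.group(3) == "200":  # triage signal only, not proof of disclosure
                hits[m.group(1)]["served"].append(m.group(2))
    # Keep clients that look like a scanner (burst) or that received a 200.
    return {ip: h for ip, h in hits.items()
            if h["attempts"] >= burst or h["served"]}

if __name__ == "__main__":
    for ip, h in triage(SAMPLE_LOG).items():
        print(ip, h["attempts"], "attempts;", len(h["served"]), "answered 200")
```

The last stage the README describes, connecting to MySQL with recovered credentials, only works when the database port is reachable from outside, so binding MySQL to localhost or firewalling it removes that stage.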