Joomla Mass LFI Scanner (70+ Exploit)


Joomla Mass LFI Scanner (Auto Download Configuration.php And Try Connect DB) (70+ Exploit)

Joomla Mass LFI Scanner is a multi-threaded, automated tool for hunting Local File Inclusion (LFI) vulnerabilities on Joomla-powered sites.
It uses 70+ public LFI vectors (paths hidden in this public version), attempts to auto-download the legendary configuration.php, extracts credentials, and even tries to connect to the remote MySQL DB if found.
Fast, loud, and pure hacker energy.

🔥 Features

  • Ultra-fast mass scan (threaded, suitable for 1000+ sites)
  • 70+ LFI vectors (pool hidden for sharing — use your own for max pwnage)
  • Auto parses Joomla config.php and extracts DB, FTP, secret, etc.
  • Attempts remote MySQL connect with found creds
  • Logs both all results and only vulnerable sites separately
  • Clean console & file output — easy for parsing or automation
  • Hacker-themed banners & warnings everywhere

đź§° Requirements

  • Python 3.8+ (tested on Python 3.8/3.9/3.10/3.11)
  • Install dependencies with: pip install requests pymysql urllib3

Optional (for max speed): Linux or Unix environment, fast connection, large site lists.
đź’€ Always hack responsibly!

🛠️ Usage

python3 joomscan.py lfi sites.txt
python3 joomscan.py lfi http://target-joomla-site.com

  • sites.txt = list of target sites (one per line)
  • Or scan a single site directly

📝 Output Example

http://site.com | Joomla LFI Multi-Path | lfi | VULNERABLE | http://site.com/index.php?... | db_user:root|db_pass:hackme|db_host:127.0.0.1|db_name:joomla_db|REMOTEDB:YES

  • All results → results_joomla.txt
  • Only vulnerable sites → success_joomla.txt

Other Shells

Joomla Admin Login Backdoor Shell
Joomla Admin Helper Backdoor is a 100% stealth single-file PHP admin &…
Megawaty File Manager
Megawaty File Manager is a modern, stylish PHP-based file manager (webshell) designed…
pHpmyadmin Shell
[WARNING] This tool is for advanced operators, red teamers, and real underground…
1337 Bypass Shell
1337 3YP455 5H311 is a legendary, classic PHP webshell tool designed for…
Advanced File Manager Bypass
Advanced File Manager Bypass
index attacker symlink bypass 404 shell
Index Attacker Symlink-Bypass 404 Shell, Cgi Telnet, Exploiter, Scanner, Auto tools, Mass…
Alfa Shell 4.1 Decoded Version
Alfa Shell Decoded Version  
Priv Webadmin Aspx Shell
Priv Webadmin Aspx Shell
IndoXploit Shell v3
IndoXploit webshell V.3 is a PHP based webshell or indirect access with…