# LFI, RFI & LFD Scanner

> L8R (LFISCANNER) is an advanced Local File Inclusion (LFI), Remote File Inclusion (RFI) & Local File Disclosure (LFD) Scanner.

## Overview

L8R (LFISCANNER) is an advanced tool for identifying Local File Inclusion (LFI), Remote File Inclusion (RFI) and Local File Disclosure (LFD) vulnerabilities. These issues (CWE-98 and CWE-73) are often rated as critical-severity due to their potential for arbitrary code execution or unauthorized access to sensitive system files.

L8R's thorough scanning capabilities help uncover these high-risk vulnerabilities effectively.

## Usage Examples

You can specify a list of target URLs for L8R to check for Local File Inclusion, Remote File Inclusion and Local File Disclosure vulnerabilities. Optionally, you may [configure any settings](/pentesting-tools/global-configuration) you'd like. Afterward, simply click on **Scan** to launch your scan.

Shortly after your scan has been launched, you will be redirected to a page where you can view your pending scan.

<img src="https://mintcdn.com/novasecurity/bnD-0b9ht-jotL_z/images/pentesting-tools/l8r/usage.png?fit=max&auto=format&n=bnD-0b9ht-jotL_z&q=85&s=100d9b5bd7e8eef8d9e1cc9696842c03" width="1919" height="888" data-path="images/pentesting-tools/l8r/usage.png" />

<Warning>
  You must provide a list of target URLs to scan for vulnerabilities, not base URLs or root domains. A few examples:

  Correct:

  <Icon icon="check" /> `https://example.com/path/to/scan?param1=xyz&param2=xyz`

  <Icon icon="check" /> `https://api.example.com/path/to/scan2`

  Incorrect:

  <Icon icon="xmark" /> `https://example.com/`

  <Icon icon="xmark" /> `https://app.example.com/`
</Warning>

## Capabilities

L8R (LFISCANNER) is an advanced Local File Inclusion (LFI), Remote File Inclusion (RFI) & Local File Disclosure (LFD) scanner equipped with the following capabilities:

<AccordionGroup>
  <Accordion title="Local File Inclusion (LFI), Remote File Inclusion (RFI) & Local File Disclosure (LFD) Detection">
    L8R is an advanced tool to help you detect Local File Inclusion (LFI), Remote File Inclusion (RFI) & Local File Disclosure (LFD) vulnerabilities.
  </Accordion>

  <Accordion title="Integrated OAST Server">
    L8R uses [your private OAST Server](/oast-server/oast-server) to validate flagged vulnerabilities, providing a false-positive-free experience.
  </Accordion>

  <Accordion title="Advanced Payloads With WAF Bypasses">
    L8R includes advanced payloads with Web Application Firewall (WAF) bypasses for popular firewalls like Cloudflare, Akamai, etc.
  </Accordion>
</AccordionGroup>

## Limitations

There are currently no limitations reported for L8R.

## Best Practices

We recommend that you follow the [best practices that we've outlined in detail](/getting-started/best-practices).
