RFI Vulnerability Scanner

Crashtest Security Suite is an automated scanner tool that checks for Remote File Inclusion Vulnerability and Local File Inclusion Vulnerability quickly and easily.

  • Scan for RFI and LFI vulnerabilities
  • Detect OWASP Top 10 vulnerabilities (XSS, SQL injections, XXE, and many more)
  • Get security reports and remediations advice
  • Automated online SaaS RFI vulnerability scanner


RFI scanner features

By running security tests on your web application, the RFI scanner looks for Remote File Inclusion Vulnerabilities. Our solution is known as automated pentest software or DAST. We focus on working the same way a human cybersecurity expert would do. In this case, however, the results are faster and less expensive than manual pen-testing. You don’t need to spend hours searching for your vulnerabilities. It takes less than 5 minutes to:


Create and verify your scan target.



Configure the credentials for the system and the application.


CI integration

Create a webhook and start a scan via the CI Integration.


Get notifications

Integrate a chat notification system (Slack, Mattermost, Hangouts, and many more.)


Download the report

Get reports with remediation guidance, risk assessments, and solutions for every vulnerability discovered.



RFI scanner benefits

  • Share vulnerability reports in PDF, XML/JSON, or CSV formats with your team.
  • Check for other flaws, such as those on the OWASP Top 10 list for 2021.
  • Limit the damage loss and protect your users from the vast increase in cyber breaches.
  • Test HTML-based web apps, JavaScript, AJAX, HTML5, Multi-Page and Single-Page Applications, and APIs.
  • Easily integrate into your development pipeline and workflow.


Ample remote file inclusion report

The RFI report is a sophisticated tool that gives you full details about your cybersecurity posture. Check out how to correct what’s failing and save manual testing effort and money on cyber defense.

Vulnerability overview

The report starts with a high-level overview of the data breaches in your scan target, including the severity of the threats and their effects. You’ll find a list of every remote file inclusion attack vector and other security details.

Remediation suggestions

Each discovered vulnerability comes with risk classification, description, and detailed instructions for how to fix the problem.

Continuous Security

More reasons for continuous RFI testing

Automated Pentesting

Perform regular black box pentests on your web assets and spend less on infrequent manual penetration tests.

Cybersecurity Risk Reduction

Benchmark your next release against OWASP Top 10 and other known vulnerabilities.

Schedule Scans

Match vulnerability scanning to your agile dev cycle.

Ensure Compliance

Scan every new release before deployment and ensure compliance with regulations and standards (HIPAA, GDPR, ISO, and many more).

Faster Vulnerability Detection

Detect and mitigate vulnerabilities quicker by scanning your web assets regularly.

Integrated Dev Pipeline

Integrate vulnerability scanning into your dev process and environment and shift security left.



What is file inclusion?

An attacker can include arbitrary files into the web application via a local or remote file inclusion, exposing sensitive files. Occasionally, the attacker can run malicious code on the webserver and completely seize control of the system.

Attackers can use them to gain access to other connected systems, resulting in application downtime and data loss. As a result, it is critical to comprehend the nature of these attacks and how they might be avoided.

What is remote file inclusion?

An attacker can utilize remote file inclusion (RFI) to have a web application include a remote file. For web apps that dynamically integrate external files or scripts. A successful RFI attack can result in sensitive information leakage, Cross-site Scripting (XSS), remote code execution, and full system control in the worst-case scenario.

What is the difference between remote and local file inclusion?

An attacker can use remote file inclusion (RFI) to have a web application include a remote file. This is conceivable for web apps that dynamically integrate external files or scripts.

How to prevent File Inclusion vulnerability?

  • Never include files straight from user-modifiable variables.
  • Validate user input. The easiest method to avoid this issue is to hardcode any files you need to include. Nevertheless, maintaining a whitelist of files authorized to be included may be better. Any other file requested by the user may be denied.
  • Avoid Remote File Inclusion. If you do not need the inclusion of remote files, you can set “allow_url_include=off” in your php.ini file to disable the inclusion of remote files.