fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap just for LFI/RFI bugs instead of sql injection. It is currently under heavy development but it’s usable.
- Check a Single URL, List of URLs, or Google results fully automatically.
- Can identify and exploit file inclusion bugs.
- Test and exploit multiple bugs
- Has an interactive exploit mode
- Add your own payloads and patches to the config.py file.
- Has a Harvest mode which can collect URLs from a given domain for later pentesting.
- Can use proxies (experimental).
- All commands will now be send base64 encoded. So you can use quotes as much as you want.
- php://input detection is now 100% reliable.
- You can now define a POST string for relative and absolute files in the config.py.
- TTL implemented. You can define it with “—ttl “. Default is 30 seconds.
- Experimental HTTP Proxy support. You can define a HTTP(s) proxy with “—http-proxy localhost:8080″.
- Googlescanner can now skip the first X pages. Use “—skip-pages X”.
- Lots of bugfixes and additional regular expressions.
- Needs: Python >= 2.4
You can download fimap here:
Or read more here.
Recent in Exploits/Vulnerabilities:
- Cupid Media Hack Exposes 42 Million Passwords In Plain Text
- Linux Backdoor Fokirtor Injects Traffic Into SSH Protocol
- Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks
- LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)
- FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability
- inspathx – Tool For Finding Path Disclosure Vulnerabilities
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 222,856 views
- AJAX: Is your application secure enough? - 118,520 views
- eEye Launches 0-Day Exploit Tracker - 84,955 views