[ad]
fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap just for LFI/RFI bugs instead of sql injection. It is currently under heavy development but it’s usable.
Features
- Check a Single URL, List of URLs, or Google results fully automatically.
- Can identify and exploit file inclusion bugs.
- Test and exploit multiple bugs
- Has an interactive exploit mode
- Add your own payloads and patches to the config.py file.
- Has a Harvest mode which can collect URLs from a given domain for later pentesting.
- Can use proxies (experimental).
Changes
- All commands will now be send base64 encoded. So you can use quotes as much as you want.
- php://input detection is now 100% reliable.
- You can now define a POST string for relative and absolute files in the config.py.
- TTL implemented. You can define it with “—ttl “. Default is 30 seconds.
- Experimental HTTP Proxy support. You can define a HTTP(s) proxy with “—http-proxy localhost:8080”.
- Googlescanner can now skip the first X pages. Use “—skip-pages X”.
- Lots of bugfixes and additional regular expressions.
Requirements
- Needs: Python >= 2.4
You can download fimap here:
Or read more here.
SnApO says
Wow…. thats amazing ;=)
would give it a try todays afternoon ;=)))))
cheers and good luck.
And a Compliment to the Writer of this Blog, Clear and good searched Content. I wish you much readers in the future……….
SYN - syntex says
thats amazing , good luck
Dozzyjean DOzie says
Wooooooooooooo cool also, i love these more than rfiscan.py very simple to use and understand, perfect a very big thanks to you brain.