{"id":2390,"date":"2010-01-05T09:39:12","date_gmt":"2010-01-05T09:39:12","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2390"},"modified":"2015-09-09T19:37:46","modified_gmt":"2015-09-09T11:37:46","slug":"fimap-remote-local-file-inclusion-rfilfi-scanner","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2010\/01\/fimap-remote-local-file-inclusion-rfilfi-scanner\/","title":{"rendered":"fimap &#8211; Remote &#038; Local File Inclusion (RFI\/LFI) Scanner"},"content":{"rendered":"<p>[ad]<\/p>\n<p>fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to <a href=\"https:\/\/www.darknet.org.uk\/2009\/07\/sqlmap-0-7-released-automatic-sql-injection-tool\/\">sqlmap<\/a> just for LFI\/RFI bugs instead of sql injection. It is currently under heavy development but it\u2019s usable.<\/p>\n<p><strong>Features<\/strong><\/p>\n<ul>\n<li>Check a Single URL, List of URLs, or Google results fully automatically.<\/li>\n<li>Can identify and exploit file inclusion bugs.<\/li>\n<li>Test and exploit multiple bugs<\/li>\n<li>Has an interactive exploit mode<\/li>\n<li>Add your own payloads and patches to the config.py file.<\/li>\n<li>Has a Harvest mode which can collect URLs from a given domain for later pentesting.<\/li>\n<li>Can use proxies (experimental).<\/li>\n<\/ul>\n<p><strong>Changes<\/strong><\/p>\n<ul>\n<li>All commands will now be send base64 encoded. So you can use quotes as much as you want.<\/li>\n<li>php:\/\/input detection is now 100% reliable.<\/li>\n<li>You can now define a POST string for relative and absolute files in the config.py.<\/li>\n<li>TTL implemented. You can define it with &#8220;\u2014ttl &#8220;. Default is 30 seconds.<\/li>\n<li>Experimental HTTP Proxy support. You can define a HTTP(s) proxy with &#8220;\u2014http-proxy localhost:8080&#8221;.<\/li>\n<li>Googlescanner can now skip the first X pages. Use &#8220;\u2014skip-pages X&#8221;.<\/li>\n<li>Lots of bugfixes and additional regular expressions.<\/li>\n<\/ul>\n<p><strong>Requirements<\/strong><\/p>\n<ul>\n<li>Needs: Python >= 2.4<\/li>\n<\/ul>\n<p>You can download fimap here:<\/p>\n<p><a href=\"http:\/\/fimap.googlecode.com\/files\/fimap_alpha_v07.tar.gz\">fimap_alpha_v07.tar.gz<\/a><\/p>\n<p><!--adsense#New468--><\/p>\n<p>Or read more <a href=\"http:\/\/code.google.com\/p\/fimap\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad] fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap just for LFI\/RFI bugs instead of sql injection. It is currently under heavy development but it\u2019s usable. Features Check a Single URL, List of [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10,9,15],"tags":[2622,2227,4177,4710,4692,4178,396,376],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2390"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=2390"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2390\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=2390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=2390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=2390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}