Loading...
Wednesday, June 27, 2012

fimap - tool for local and remote file inclusion auditing and exploitation

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap just for LFI/RFI bugs instead of sql injection. It is currently under heavy development but it’s usable.
Features
  • Check a Single URL, List of URLs, or Google results fully automatically.
  • Can identify and exploit file inclusion bugs.
  • Test and exploit multiple bugs
  • Has an interactive exploit mode
  • Add your own payloads and patches to the config.py file.
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.
  • Can use proxies (experimental).
Changes
  • All commands will now be send base64 encoded. So you can use quotes as much as you want.
  • php://input detection is now 100% reliable.
  • You can now define a POST string for relative and absolute files in the config.py.
  • TTL implemented. You can define it with “—ttl “. Default is 30 seconds.
  • Experimental HTTP Proxy support. You can define a HTTP(s) proxy with “—http-proxy localhost:8080″.
  • Googlescanner can now skip the first X pages. Use “—skip-pages X”.
  • Lots of bugfixes and additional regular expressions.
Requirements
Needs: Python >= 2.4
You can download fimap here:
fimap_alpha_v07.tar.gz

Visit Website :
http://code.google.com/p/fimap/

For More Information -
http://www.hackersonlineclub.com/lfi-rfi

http://securitytroubleshooting.blogspot.in/2011/06/fimap-remote-local-file-inclusion.html 
http://securitytube-tools.net/index.php?title=Fimap
Video
http://www.youtube.com/watch?v=eUcq8moRT88&feature=player_embedded

0 comments:

Post a Comment

 
TOP