fimap RFI & LFI Scanner - Exploitation Tool

fimap is a small Python tool that can find, prepare, audit, exploit and even search Google automatically for local and remote file inclusion bugs in web apps. fimap is meant to be something like sqlmap, but for LFI/RFI bugs instead of SQL injection. It's currently under heavy development, but it's usable.
 
Features: 
 

  • Check a single URL, a list of URLs, or Google results fully automatically.
  • Can identify and exploit file inclusion bugs.
  • Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages.
  • Add your own payloads and paths to the config.py file.
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.
  • Also works on Windows.
  • Can use proxies.
  • Scans and exploits GET, POST and Cookies.
  • Has a very small footprint. (No senseless brute-forcing of paths, unless you need it.)




About Me

Saint Andrew is a computer science student. Saint Andrew is a founder of the blog Saint Andrew's Hacking Paradise.

His mission and the aim of this blog is to make the reader aware of the existing threats and describe them in a comprehensible way.

"Saint Andrew's Hacking Paradise" is a place to Learn, Understand and Explore the facts of computer technology.

You are always welcome to contact us to suggest ideas, tips, or to ask questions.

© 2011 Saint Andrew's Hacking Paradise
