Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kurobeats/fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
https://github.com/kurobeats/fimap

Last synced: 9 days ago
JSON representation

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.

Host: GitHub
URL: https://github.com/kurobeats/fimap
Owner: kurobeats
License: gpl-2.0
Created: 2015-03-27T06:11:25.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2022-09-12T03:50:58.000Z (about 2 years ago)
Last Synced: 2024-08-01T09:24:29.823Z (3 months ago)
Language: Python
Homepage:
Size: 364 KB
Stars: 500
Watchers: 14
Forks: 101
Open Issues: 18
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Welcome to the fimap project!

=============================

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like [sqlmap](http://sqlmap.sourceforge.net) just for LFI/RFI bugs instead of sql injection.

Originally, this tool was created by [this very awesome fellow](https://tha-imax.de/git/root/fimap/tree/master) but there hasn't been a lot of movement on the project since porting to github.

* * *

## What works currently?

*   Check a Single URL, List of URLs, or Google results fully automaticly.

*   Can identify and exploit file inclusion bugs.

*   Relative\Absolute Path Handling.

*   Tries automaticly to eleminate suffixes with Nullbyte and other methods like Dot-Truncation.

*   Remotefile Injection.

*   Logfile Injection.

*   Test and exploit multiple bugs:

*   include()

*   include_once()

*   require()

*   require_once()

*   You always define absolute pathnames in the configs. No monkey like redundant pathes like:

*   ../etc/passwd

*   ../../etc/passwd

*   ../../../etc/passwd

*   Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages.

*   Has an interactive exploit mode which...

*   ...can spawn a shell on vulnerable systems.

*   ...can spawn a reverse shell on vulnerable systems.

*   ...can do everything you have added in your_payload-dict_ inside the_config.py_

*   Add your own payloads and pathes to the config.py file.

*   Has a Harvest mode which can collect URLs from a given domain for later pentesting.

*   Works also on windows.

*   Can handle directories in RFI mode like:

*    include ($_GET["inc"] . "/content/index.html"); ?>

*    include ($_GET["inc"] . "_lang/index.html"); ?>

*   where Null-Byte is not possible.

*   Can use proxys.

*   Scans and exploits GET, POST and Cookies.

*   Has a very small footprint. (No senseless bruteforcing of pathes - unless you need it.)

*   Can attack also windows servers! 

*   Has a tiny plugin interface for writing exploitmode plugins 

*   Non Interactive Exploiting

## What doesn't work yet?

*   Other languages than PHP (even if engine is ready for others as well.)

## Is there a How To?

*   Check out [this](http://kaoticcreations.blogspot.com/2011/08/automated-lfirfi-scanning-exploiting.html) post by HR from [Kaotic Creations](http://kaoticcreations.blogspot.com) which explains fimap really good :) It's a tutorial for windows but I think unix heads should understand it as well.

## Credits

*   Main Developer: [Iman Karim](mailto:[email protected])

*   Trusted Plugins:

*   Metasploit binding by [Xavier Garcia](mailto:xavi.garcia(atom)gmail(dot)com)

*   Weevily Injector by [Darren "Infodox" Martyn](mailto:infodox(atom)insecurety(dot)net) from [http://insecurety.net/](http://insecurety.net/)

*   AES Reverse Shell by [Darren "Infodox" Martyn](mailto:infodox(atom)insecurety(dot)net) from [http://insecurety.net/](http://insecurety.net/)

*   Additional thanks goes out to:

*   Peteris Krumins for [xgoogle](http://www.catonmat.net/blog/python-library-for-google-search/) python module.

*   Pentestmonkey for [php-reverse-shell](http://pentestmonkey.net/tools/php-reverse-shell/).

*   Crummy for [BeautifulSoup](http://www.crummy.com/software/BeautifulSoup/).

*   Zeth0 from [commandline.org.uk](http://commandline.org.uk/) for ssh.py.

*   Also thanks to:

*   The [Python](http://python.org) Project

*   The [Eclipse](http://eclipse.org) Project

*   The [Netbeans](http://netbeans.org) Project