Commit 41eca158 authored by imax

Updated readme.

parent 0bd0c26a
Welcome to the fimap project! Welcome to the fimap project!
============================= =============================
fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like [sqlmap](http://sqlmap.sourceforge.net) just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable. fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like [sqlmap](http://sqlmap.sourceforge.net) just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.
The goal of fimap is to improve the quality and security of **your** website. The goal of fimap is to improve the quality and security of **your** website.
**Do not use this tool on servers where you don't have permission to pentest!** **Do not use this tool on servers where you don't have permission to pentest!**
I am dead serious. I am dead serious.
* * * * * *
Find fimap on twitter: [http://twitter.com/fimap](http://twitter.com/fimap) **To clone this project, use the HTTPS link! SSH cloning doesn't work for guests.**
## Quick News for SVN and upcoming versions * * *
* fimap has moved! The official fimap site is now available at https://tha-imax.de/git/root/fimap Find fimap on twitter: [http://twitter.com/fimap](http://twitter.com/fimap)
* Thank you to https://github.com/Oweoqi for doing the hard work and converting the project from googlecode to github!
## Quick News for SVN and upcoming versions
## fimap Features
* fimap has moved! The official fimap site is now available at https://tha-imax.de/git/root/fimap
* Check a Single URL, List of URLs, or Google results fully automaticly. * Thank you to https://github.com/Oweoqi for doing the hard work and converting the project from googlecode to github!
* Can identify and exploit file inclusion bugs.
* Relative\Absolute Path Handling. ## fimap Features
* Tries automaticly to eleminate suffixes with Nullbyte and other methods like Dot-Truncation.
* Remotefile Injection. * Check a Single URL, List of URLs, or Google results fully automaticly.
* Logfile Injection. * Can identify and exploit file inclusion bugs.
* Test and exploit multiple bugs: * Relative\Absolute Path Handling.
* include() * Tries automaticly to eleminate suffixes with Nullbyte and other methods like Dot-Truncation.
* include_once() * Remotefile Injection.
* require() * Logfile Injection.
* require_once() * Test and exploit multiple bugs:
* You always define absolute pathnames in the configs. No monkey like redundant pathes like: * include()
* ../etc/passwd * include_once()
* ../../etc/passwd * require()
* ../../../etc/passwd * require_once()
* Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. * You always define absolute pathnames in the configs. No monkey like redundant pathes like:
* Has an interactive exploit mode which... * ../etc/passwd
* ...can spawn a shell on vulnerable systems. * ../../etc/passwd
* ...can spawn a reverse shell on vulnerable systems. * ../../../etc/passwd
* ...can do anything you can imagine through it's plugin interface. * Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages.
* Add your own payloads and pathes to the xml files or go ahead and write a new plugin. * Has an interactive exploit mode which...
* Has a Harvest mode which can collect URLs from a given domain for later pentesting. * ...can spawn a shell on vulnerable systems.
* Works also on windows. * ...can spawn a reverse shell on vulnerable systems.
* Can handle directories in RFI mode like: * ...can do anything you can imagine through it's plugin interface.
* <tt><? include ($_GET["inc"] . "/content/index.html"); ?></tt> * Add your own payloads and pathes to the xml files or go ahead and write a new plugin.
* <tt><? include ($_GET["inc"] . "_lang/index.html"); ?></tt> * Has a Harvest mode which can collect URLs from a given domain for later pentesting.
* where Null-Byte and the '?' trick is not possible. * Works also on windows.
* Can use proxys. * Can handle directories in RFI mode like:
* Scans and exploits GET, POST and Cookies. * <tt><? include ($_GET["inc"] . "/content/index.html"); ?></tt>
* Has a very small footprint. (No senseless bruteforcing of pathes - unless you need it.) * <tt><? include ($_GET["inc"] . "_lang/index.html"); ?></tt>
* Can attack also windows servers! * where Null-Byte and the '?' trick is not possible.
* Has a tiny plugin interface for writing exploitmode plugins * Can use proxys.
* Non Interactive Exploiting * Scans and exploits GET, POST and Cookies.
* Has a very small footprint. (No senseless bruteforcing of pathes - unless you need it.)
## What doesn't work yet? * Can attack also windows servers!
* Other languages than PHP (even if engine is ready for others as well.) * Has a tiny plugin interface for writing exploitmode plugins
* Non Interactive Exploiting
## Is there a How To?
## What doesn't work yet?
* Check out [this](http://kaoticcreations.blogspot.com/2011/08/automated-lfirfi-scanning-exploiting.html) post by HR from [Kaotic Creations](http://kaoticcreations.blogspot.com) which explains fimap really good :) It's a tutorial for windows but I think unix heads should understand it as well. * Other languages than PHP (even if engine is ready for others as well.)
## Credits ## Is there a How To?
* Main Developer: [Iman Karim](mailto:fimap.dev@gmail.com) * Check out [this](http://kaoticcreations.blogspot.com/2011/08/automated-lfirfi-scanning-exploiting.html) post by HR from [Kaotic Creations](http://kaoticcreations.blogspot.com) which explains fimap really good :) It's a tutorial for windows but I think unix heads should understand it as well.
* Trusted Plugins: ## Credits
* Metasploit binding by [Xavier Garcia](mailto:xavi.garcia(atom)gmail(dot)com) * Main Developer: [Iman Karim](mailto:fimap.dev@gmail.com)
* Weevily Injector by [Darren "Infodox" Martyn](mailto:infodox(atom)insecurety(dot)net) from [http://insecurety.net/](http://insecurety.net/)
* AES Reverse Shell by [Darren "Infodox" Martyn](mailto:infodox(atom)insecurety(dot)net) from [http://insecurety.net/](http://insecurety.net/) * Trusted Plugins:
* Additional thanks goes out to: * Metasploit binding by [Xavier Garcia](mailto:xavi.garcia(atom)gmail(dot)com)
* Weevily Injector by [Darren "Infodox" Martyn](mailto:infodox(atom)insecurety(dot)net) from [http://insecurety.net/](http://insecurety.net/)
* Peteris Krumins for [xgoogle](http://www.catonmat.net/blog/python-library-for-google-search/) python module. * AES Reverse Shell by [Darren "Infodox" Martyn](mailto:infodox(atom)insecurety(dot)net) from [http://insecurety.net/](http://insecurety.net/)
* Pentestmonkey for [php-reverse-shell](http://pentestmonkey.net/tools/php-reverse-shell/).
* Crummy for [BeautifulSoup](http://www.crummy.com/software/BeautifulSoup/). * Additional thanks goes out to:
* Zeth0 from [commandline.org.uk](http://commandline.org.uk/) for ssh.py.
* Peteris Krumins for [xgoogle](http://www.catonmat.net/blog/python-library-for-google-search/) python module.
* Also thanks to: * Pentestmonkey for [php-reverse-shell](http://pentestmonkey.net/tools/php-reverse-shell/).
* Crummy for [BeautifulSoup](http://www.crummy.com/software/BeautifulSoup/).
* The [Python](http://python.org) Project * Zeth0 from [commandline.org.uk](http://commandline.org.uk/) for ssh.py.
* The [Eclipse](http://eclipse.org) Project
* The [Netbeans](http://netbeans.org) Project * Also thanks to:
* The [Python](http://python.org) Project
* The [Eclipse](http://eclipse.org) Project
* The [Netbeans](http://netbeans.org) Project
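Review bot: The added line "**To clone this project, use the HTTPS link! SSH cloning doesn't work for guests.**" (inserted after the first `* * *` rule, above the twitter link) tells guests which transport to use but does not say which link it means. The only project address in the README is the site URL https://tha-imax.de/git/root/fimap in the "Quick News" list further down. Put the HTTPS clone URL directly in this sentence so a reader landing on the README does not have to hunt for it or fall back to the SSH address that is known to fail for guests. Since this block is being touched anyway, the twitter link directly below it still uses http:// and could be switched to https:// in the same commit.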