![# [e]XcaLibuR ~](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMhsuRakTAF0fFf04rdwBhv5RcgsFRryqR9e-wbEXY4K-F6CrcSnmXeT7KkMI8R8HwLzUR1ZCJWD2pLW4XDrc7iT1HoUuHE-OI5Oy7yBEypKSAEIKEq9mij7xClVdqkEdRffA1lsZvMg/s1600-r/banner.png)
#FIMAP RFI,LFI penetrasyon testleri için kullanılan basit ve inanılmaz bir araçtır.Python diliyle yazılmıştır.
#Tek bir siteyi.
#Site içerisinde bir scripti.
#Bir txt dosyasındaki tüm siteleri
#Veee googlede dork tarayıp bulabileceği belirteceğiniz sayıdaki siteleri tek bir komutla bu programda tarayabilirsiniz.
#Bazı komutlar:
1. Scan a single URL for FI errors:
./fimap.py -u ’http://localhost/test.php?file=bang&id=23’
2. Scan a list of URLS for FI errors:
./fimap.py -m -l ’/tmp/urllist.txt’
3. Scan Google search results for FI errors:
./fimap.py -g -q ’inurl:include.php’
4. Harvest all links of a webpage with recurse level of 3 and
write the URLs to /tmp/urllist
./fimap.py -H -u ’http://localhost’ -d 3 -w /tmp/urllist
imax@DevelB0x:~$ fimap -u "http://localhost/vulnerable.php?inc=index.php"
fimap v.01 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
SingleScan is testing URL: ’http://localhost/vulnerable.php?inc=index.php’
[OUT] Parsing URL ’http://localhost/vulnerable.php?inc=index.php’...
[INFO] Fiddling around with URL...
[OUT] Possible file inclusion found! -> ’http://localhost/vulnerable.php?inc=283wnWJP’ with Parameter ’inc’.
[OUT] Identifing Vulnerability ’http://localhost/vulnerable.php?inc=index.php’ with Key ’inc’...
[INFO] Scriptpath received: ’/var/www’
[INFO] Testing file ’/etc/passwd’...
[INFO] Testing file ’/proc/self/environ’...
[INFO] Testing file ’php://input’...
[INFO] Testing file ’http://www.phpbb.de/index.php’...
[INFO] Testing file ’http://www.uni-bonn.de/Frauengeschichte/index.html’...
[INFO] Testing file ’http://www.kah-bonn.de/index.htm?presse/winterthur.htm’...
# [1]Possible File Injection
# [URL]http://localhost/vulnerable.php?inc=index.php
# [PARAM] inc
# [PATH] /var/www
# [TYPE] Absolute Clean + Remote injection
# [NULLBYTE] No Need. It’s clean.
# [READABLE FILES]
# [0] /etc/passwd
# [1] php://input
# [2] http://www.phpbb.de/index.php
# [3] http://www.uni-bonn.de/Frauengeschichte/index.html
# [4] http://www.kah-bonn.de/index.htm?presse/winterthur.htm
#Program LFI/RFI için profesyonel bir tooldur ve kesinlikle tavsiyedir.
#Download : RapidShare
#RarŞifre : excalibur
Hiç yorum yok:
Yorum Gönder