fimap is a Python tool that can automatically find, prepare, audit and exploit local and remote file inclusion bugs in web apps, and can even search Google for them. fimap is similar to sqlmap, but for LFI/RFI bugs instead of SQL injection.
inspathx is a tool that uses a local source tree to make requests to the URL and searches for path inclusion (Full Path Disclosure) error messages. This is a very common problem in PHP web applications.
LFIMAP, a tool that focuses purely on LFI attacks, was released recently.
Functions
- Automatically finds the root of the file system
- Detects default files outside of the web folder
- Attempts to detect passwords inside the files
- Supports basic authentication
- Can use null byte to bypass some controls
- Writes a report of the scan to a file
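From the defender's side, the features listed above imply request patterns that can be spotted in web server access logs. The following is an added example, not part of the original post or of any of the tools named here: it flags repeated traversal sequences, null bytes and references to default system files in query strings. The log lines are constructed, and the sensitive-file list and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1432',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=..%2f..%2f..%2fetc%2fpasswd%00.php HTTP/1.1" 200 1432',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /view.php?f=%252e%252e%252fboot.ini HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/../img/logo.png HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(?:\.\.[/\\]){2,}')  # two or more ../ or ..\ in a row
# Assumed list of default files outside the web folder; extend for your platform.
SENSITIVE_RE = re.compile(r'(?:etc/(?:passwd|shadow|hosts)|boot\.ini|win\.ini|proc/self/environ)', re.I)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded probes are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of LFI indicators in the query string of one log line."""
    m = REQUEST_RE.search(line)
    if not m or '?' not in m.group(1):
        return set()
    query = decode_fully(m.group(1).split('?', 1)[1])
    hits = set()
    if TRAVERSAL_RE.search(query):
        hits.add('traversal')
    if '\x00' in query:
        hits.add('null_byte')
    if SENSITIVE_RE.search(query):
        hits.add('sensitive_file')
    return hits

def scan(lines):
    """Map source IP -> sorted union of indicators seen from that IP."""
    report = {}
    for line in lines:
        hits = classify(line)
        if hits:
            report.setdefault(line.split()[0], set()).update(hits)
    return {ip: sorted(h) for ip, h in report.items()}
```

Calling `scan(SAMPLE_LOG)` groups the indicators by client address, which makes a single source cycling through several probe types stand out from a one-off odd URL.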