This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.
fimap is an LFI/RFI detection and exploitation tool written in python which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is something like sqlmap just for LFI/RFI bugs instead of SQL injection. The download link fimap.
fimap – Remote Local File Inclusion (RFI LFI) Scanner
2ff7e9595c
Comments