Fimap is a little python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in webapps. Fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s currently under heavy development but it’s usable.

Open your backtrack terminal & Type

 cd /pentest/web/fimap

Scan a single URL for FI errors

./fimap -u http://www.example.com/test.php?file=bang&id=23

Scan Google search results for FI errors

./fimap.py  -g  -q  inurl:include.php

Harvest all links of a webpage

./fimap.py –H  -u  http://example.com–d 3 –w /tmp/urllist

  • -m is for mass scanning
  • -l is for list
  • Scan websites using google dorks
  • .fimap.py -g -q ‘inurl:include.php’
  • -g for searching from google
  • -q stands for the query which is to be searched in google.

Website: http://fimap.googlecode.com

Raj Chandel

Raj Chandel is a Skilled and Passionate IT Professional especially in IT-Hacking Industry. At present other than his name he can also be called as An Ethical Hacker, A Cyber Security Expert, A Penetration Tester. With years of quality Experience in IT and software industry.His interests are mainly in system exploitation and vulnerability research. Contact me: [email protected]

More Posts

Follow Me:
TwitterFacebookGoogle Plus