Fimap is a little python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in webapps. Fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s currently under heavy development but it’s usable.
Open your backtrack terminal & Type
Scan a single URL for FI errors
./fimap -u http://www.example.com/test.php?file=bang&id=23
Scan Google search results for FI errors
./fimap.py -g -q inurl:include.php
Harvest all links of a webpage
./fimap.py –H -u http://example.com–d 3 –w /tmp/urllist
- -m is for mass scanning
- -l is for list
- Scan websites using google dorks
- .fimap.py -g -q ‘inurl:include.php’
- -g for searching from google
- -q stands for the query which is to be searched in google.