Saturday, August 23, 2014

Remote & Local file Inclusion Testing Tools

Fimap:

A little tool for local and remote file inclusion auditing and exploitation.

Fimap is a little Python tool which can find, prepare, audit, exploit and even search Google automatically for local and remote file inclusion bugs in webapps. fimap is meant to be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It's currently under heavy development but it's usable.

The goal of fimap is to improve the quality and security of your website.


What works currently?

  • Check a single URL, a list of URLs, or Google results fully automatically.
  • Can identify and exploit file inclusion bugs.
    • Relative\Absolute Path Handling.
    • Automatically tries to eliminate suffixes with a null byte and other methods such as dot truncation.
    • Remotefile Injection.
    • Logfile Injection. (FimapLogInjection)
  • Test and exploit multiple bugs:
    • include()
    • include_once()
    • require()
    • require_once()
  • You always define absolute pathnames in the configs. No monkey-like redundant paths such as:
    • ../etc/passwd
    • ../../etc/passwd
    • ../../../etc/passwd
  • Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. (BlindMode)
  • Has an interactive exploit mode which...
    • ...can spawn a shell on vulnerable systems.
    • ...can spawn a reverse shell on vulnerable systems.
    • ...can do everything you have added in your payload-dict inside the config.py
  • Add your own payloads and paths to the config.py file.
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.
  • See FimapHelpPage for all features.
  • Also works on Windows.
  • Can handle directories in RFI mode like:
    • <? include ($_GET["inc"] . "/content/index.html"); ?>
    • <? include ($_GET["inc"] . "_lang/index.html"); ?>
    • where Null-Byte is not possible.
  • Can use proxies.
  • Scans and exploits GET, POST and Cookies.
  • Has a very small footprint. (No senseless bruteforcing of paths - unless you need it.)
  • Can also attack Windows servers! (WindowsAttack)
  • Has a tiny plugin interface for writing exploitmode plugins (PluginDevelopment)
  • Non-interactive exploiting (FimapNonInteractiveExec)

Download Link : https://code.google.com/p/fimap/downloads/list

Uniscan:
Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

This tool identifies six vulnerabilities:

* Blind SQL-Injection
* Remote File Include (RFI)
* Local File Include (LFI)
* Remote Command Execution (RCE)
* Cross-Site Scripting (XSS)
* SQL-Injection (SQL-i)

Download Link : http://sourceforge.net/projects/uniscan/

Darkjumper.py:
This tool tries to find every website hosted on the same server as your target, then checks each of those websites for vulnerabilities.

Features

  • scans for SQL injection, RFI, LFI, blind SQL and RCE injection
  • auto SQL injector
  • proxy support
  • verbosity added
  • autoftp bruteforcer
  • IP or Proxy checker and GeoIP

Download Link : http://sourceforge.net/projects/darkjumper/

Simple Local File Inclusion:

Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you have found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of a URL for an LFI vulnerability.

Usage
./lfi_sploiter.py --exploit-url= --vulnerable-parameter=

Usage example
./lfi_sploiter.py --exploit-url=http://www.example.com/page.php?file=main --vulnerable-parameter=file

Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have an SEO URL, try to find out the real URL which contains parameters.

Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries to catch most errors with error handling.
- Contains an LFI scanner (only scans one parameter at once).
- Finds out how an LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.

Download Link : http://www.xenuser.org/my-tools/

