fimap v0.7a released

Version 0.7 Alpha:

• All commands will now be send base64 encoded. So you can use quotes as much as you want.
• php://input detection is now 100% reliable. (it produced some false positives befor)
• You can now define a POST string for relative and absolute files in the config.py.
• Two placeholders can be used for the POST- and the find-string.
  • __PHP_QUIZ__ which will generate a little random PHP testing code.
  • __PHP_ANSWER__ which is the answer of the PHP testing code.
• Experimental blindmode implemented. It will try to get the path with "/.." "/../.." "/../../..". Also known as monkey mode. It will only try blindly if the default mode failed and you have enabled it with "—enable-blind". This mode will cause a lots of request!
• TTL implemented. You can define it with "—ttl ". Default is 30 seconds.
• Experimental HTTP Proxy support. You can define a HTTP(s) proxy with "—http-proxy localhost:8080".
• Show-my-ip added. Use "—show-my-ip" if you want to see your current Internet-IP, Country and User-Agent. Useful to test your proxy or vpn!
• Googlescanner can now skip the first X pages. Use "—skip-pages X".
• Exploit mode will now extract the first time you connect to a server the kernel version and store it. Next time you start the exploit mode, the kernel version will be printed right after the domain name.
• Lot’s of bugfixes and additional regular expressions.

What works currently?

• Check a Single URL, List of URLs, or Google results fully automaticly.
• Can identify and exploit file inclusion bugs.
  • Relative\Absolute Path Handling.
  • Tries automaticly to eleminate suffixes with Nullbyte.
  • Remotefile Injection.
  • Logfile Injection. (FimapLogInjection)
• Test and exploit multiple bugs:
  • include()
  • include_once()
  • require()
  • require_once()
• You always define absolute pathnames in the configs. No monkey like pathes like:
  • ../etc/passwd
  • ../../etc/passwd
  • ../../../etc/passwd
  • But in cases where the server doesn’t print messages you can enable the monkey-like checking with —enable-blind!
• Has an interactive exploit mode which...
  • ...can spawn a shell on vulnerable systems.
  • ...can spawn a reverse shell on vulnerable systems.
  • ...can do everything you have added in your payload-dict inside the config.py
• Add your own payloads and pathes to the config.py file.
• Has a Harvest mode which can collect URLs from a given domain for later pentesting.
• Goto FimapHelpPage for all features.
• Works also on windows.
• Can handle directories in RFI mode like:
  • where Null-Byte is not possible.

    <? include ($_GET["inc"] . "/content/index.html"); ?>

<? include ($_GET["inc"] . "_lang/index.html"); ?>

• Can use proxys (experimental).

Requirements

• Needs: Python >= 2.4
• Read the FAQ

More information: here