Sunday, March 14, 2010

Fimap alpha v.08 released

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.

New in this version:
Complete new engine which uses XML files inside the config folder.
Added a tiny but powerful exploit-mode plugin interface.
Can scan and exploit windows servers!
Can scan and attack more than just PHP. Just create your own XML file for new languages!
Can use POST variables to scan and attack.
Shell user will now be displayed in the fimap shell.
Lots of small improvments. For example you can skip now single scans\attacks with CTRL+C when they are frozen for some reason.
Has a colorful-mode (-C) which makes it easier to read out infos quickly (Unix only)
You can install trusted plugins now thru fimap (-I).
You can update your definition XML files thru fimap (--update-def)
And as usual much more which isn't worth to mention.


No comments: