How to install Fimap tool manual and use :)

What is Fimap tool ??

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in web application

fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection.

GitHub - kurobeats/fimap: fimap is a little python tool which can find, prepare, audit, exploit and…

Fimaptool Installation Steps:-

* git clone https://github.com/kurobeats/fimap.git

* cd fimap/src

fimap tool files

If you want to run a tool, you will need Python2

Python applications will often use packages and modules that don’t come as part of the standard library. Applications will sometimes need a specific version of a library, because the application may require that a particular bug has been fixed or the application may be written using an obsolete version of the library’s interface.

This means it may not be possible for one Python installation to meet the requirements of every application. If application A needs version 1.0 of a particular module but application B needs version 2.0, then the requirements are in conflict and installing either version 1.0 or 2.0 will leave one application unable to run.

The solution for this problem is to create a virtual environment, a self-contained directory tree that contains a Python installation for a particular version of Python, plus a number of additional packages.

* apt install virtualenv

* virtualenv -p /usr/bin/python2 venv

* source venv/bin/activate

* pip install — index-url https://test.pypi.org/simple/ ‘httplib2==0.17.5’

Notes:-
As you are in a virtual env
“python -V” should now show python2
“pip — version” should now show version 2

* python -V

* pip — version

* python2 fimap.py -h

Installation done

How to use Fimaptool:-

python2 fimap.py [Options]

Input fields:-

[Options] includes one or more of the following common options:

-h — Help

-u [URL] — URL to scan

-m — Mass scan

-l [filename] — List of URLs for mass scan

-g — Perform Google search to find URLs

-q — Google search query

-H — Harvests a URL recursively for additional URLs to scan

-w [filename] — Write URL list for mass scan

-b — Enables blind testing where errors are not reported by the web application

-x — Exploit vulnerabilities

— update-def — Updates definition files.

Example:-

(Exploit Remote File Inclusion to Get a Shell)

* python2 fimap.py -u ‘http://example.com/?file=http://google.com'

* python2 fimap.py -u ‘http://example.com/?file=http://google.com' -X

Thank you for helping creating blog

Pallamadhuri : )