RFI (Remote File Inclusion) is a hacking technique that exploits a hole in the URL handling of a vulnerable website, if I'm not mistaken that's how it goes .. hahaha...
This time I'm going to share a tool for scanning for RFI and, as the title says, IN BACKTRACK :D .. So if you haven't installed BackTrack yet, note that I have never tested this on Windows ...
Features and Functions :
- Automatically find the root of the file system
- Detect default files outside of the web folder
- Attempts to detect passwords inside the files
- Supports basic authentication
- Can use null byte to bypass some controls
- Writes a report of the scan to a file
- Add your own payloads and patches to the config.py file.
- Has a Harvest mode which can collect URLs from a given domain for later pentesting.
- All commands will now be sent base64 encoded. So you can use quotes as much as you want.
- php://input detection is now 100% reliable.
- You can now define a POST string for relative and absolute files in the config.py.
- TTL implemented. You can define it with "--ttl". Default is 30 seconds.
- Experimental HTTP Proxy support. You can define a HTTP(s) proxy with "--http-proxy localhost:8080".
- Googlescanner can now skip the first X pages. Use "--skip-pages X".
- Lots of bugfixes and additional regular expressions.
Scan a single URL for FI errors:
# ./fimap.py -u 'http://www.example.com/test.php?file=bang&id=23'

Scan Google search results for FI errors:
# ./fimap.py -g -q 'inurl:index.php'

Harvest all links of a webpage:
# ./fimap.py -H -u 'http://example.com' -d 3 -w /tmp/urllist

-m is for mass scanning
-l is for list
Scan websites using Google dorks: ./fimap.py -g -q 'inurl:index.php'
-g is for searching from Google
-q stands for the query to be searched in Google.
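
Seen from the server side, scans like the ones above show up in the web access log. The following is an added example (not part of the original post and not fimap code) that flags query parameters carrying a remote URL, a php:// wrapper or a null byte, the things the feature list mentions; the log format, the regexes and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicators named in the feature list above; the regexes are this example's assumptions.
INDICATORS = {
    "remote-url": re.compile(r"^\s*https?://", re.I),
    "php-wrapper": re.compile(r"^\s*php://", re.I),
    "null-byte": re.compile(r"\x00"),
}
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def inspect_line(line):
    """Return sorted (parameter, indicator) pairs found in one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = set()
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding (%2500).
        for candidate in (value, unquote(value)):
            for label, pattern in INDICATORS.items():
                if pattern.search(candidate):
                    findings.add((name, label))
    return sorted(findings)

def scan(lines):
    """Map 1-based line numbers to their findings, skipping clean lines."""
    report = {}
    for number, line in enumerate(lines, 1):
        hits = inspect_line(line)
        if hits:
            report[number] = hits
    return report

# Constructed sample log lines (documentation IP range, made-up hosts and paths).
PREFIX = '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] '
SAMPLE_LOG = [
    PREFIX + '"GET /test.php?file=bang&id=23 HTTP/1.1" 200 512',
    PREFIX + '"GET /test.php?file=http://files.example.net/a.txt&id=23 HTTP/1.1" 200 512',
    PREFIX + '"GET /test.php?file=php://input&id=23 HTTP/1.1" 200 80',
    PREFIX + '"GET /test.php?file=bang.txt%00&id=23 HTTP/1.1" 200 80',
    PREFIX + '"GET /test.php?file=bang.txt%2500 HTTP/1.1" 200 80',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, hits)
```

Parameters that legitimately carry a URL (a redirect target, for instance) will match the remote-url rule, so restrict it to the parameters an application actually passes to include-style functions.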
Please download the tool here:
