break a time, with break the c0de…

fimap – Remote & Local File Inclusion (RFI/LFI) Scanner

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap just for LFI/RFI bugs instead of sql injection. It is currently under heavy development but it’s usable.

Belajar Membuat Website dengan Adobe Dreamweaver


  • Check a Single URL, List of URLs, or Google results fully automatically.
  • Can identify and exploit file inclusion bugs.
  • Test and exploit multiple bugs
  • Has an interactive exploit mode
  • Add your own payloads and patches to the file.
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.
  • Can use proxies (experimental).


  • All commands will now be send base64 encoded. So you can use quotes as much as you want.
  • php://input detection is now 100% reliable.
  • You can now define a POST string for relative and absolute files in the
  • TTL implemented. You can define it with “—ttl “. Default is 30 seconds.
  • Experimental HTTP Proxy support. You can define a HTTP(s) proxy with “—http-proxy localhost:8080″.
  • Googlescanner can now skip the first X pages. Use “—skip-pages X”.
  • Lots of bugfixes and additional regular expressions.


  • Needs: Python >= 2.4

You can download fimap here:


Or read more here.


2 responses

  1. Cyb3erFred0M

    thanks bro guns dari artikel2 bro gun sekarang aku jadi tambah semangat……………….belajar dulu sempat putus asa tidak mau belajar lagi,,,,,,tapi sekarang nafsu belajarku meningkat………………maju terus

    July 31, 2010 at 3:01 am

    • maju terus bro kita belajar bareng bareng

      July 31, 2010 at 6:13 am

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s