fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s currently under heavy development but it’s usable.

The goal of fimap is to improve the quality and security of your website.

“Do not use this tool on servers where you don’t have permission to pentest!

I am dead serious.” The author

Download | Twitter

usage:

[cc lang=”bash”]fimap -u “http://localhost/vulnerable.php?inc=index.php”[/cc]