GitHub - almandin/fuxploider: File upload vulnerability scanner and exploitation tool.
2019-09-16 14:08:06 Author: github.com Views: 377


File upload vulnerability scanner and exploitation tool.


Type Name Latest commit message Commit time
payloads New template: upload .htaccess Mar 20, 2018
.gitignore Initial commit Jul 14, 2017
Dockerfile Bump Dockerfile base image to python:3.6-alpine Oct 31, 2018
LICENSE.md Use the official Markdown version of the GPLv3 Oct 30, 2018
README.md Update README.md Feb 27, 2019
UploadForm.py cleanup Oct 30, 2018
fuxploider.py Fix codec problem. Jun 9, 2019
mimeTypes.advanced renamed file extensions files and add a 'most common extensions' file… Jul 23, 2017
mimeTypes.basic added mvg file type (used in imagetragick) Mar 21, 2018
requirements.txt added a requirements.txt and minor bug fix Aug 19, 2017
screenshot.png Changed version number, readme and screenshot Mar 1, 2018
techniques.json changed version number Aug 20, 2017
templates.json New template: upload .htaccess Mar 20, 2018
user-agents.txt added the ability to mess with user-agent Oct 27, 2017
utils.py cleanup Oct 30, 2018


Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting flaws in file upload forms. It detects which file types a form allows to be uploaded and which technique will work best to upload web shells or any malicious file to the desired web server.
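The server-side checks that a scanner of this kind tests for, written as an added example that is not part of the fuxploider project: it rejects dotfiles such as `.htaccess`, multiple extensions, and content that does not match the claimed image type. The allowlist, the function name `validate_upload` and the sample uploads are assumptions made for illustration.

```python
import os
import uuid

# Assumed policy for an image-only form: extension -> (MIME type, magic bytes).
ALLOWED = {
    "png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    "jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "gif": ("image/gif", (b"GIF87a", b"GIF89a")),
}

def validate_upload(filename, declared_type, data):
    """Return (accepted, reason, stored_name); stored_name is server-generated."""
    # Discard any client-supplied directory part, whichever separator is used.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base:
        return False, "bad name", None
    # Dotfiles such as .htaccess can change how the server treats the directory.
    if base.startswith("."):
        return False, "dotfile", None
    parts = base.lower().split(".")
    # Exactly one extension: rejects "shell.php.png", "a.png." and bare names.
    if len(parts) != 2:
        return False, "extension count", None
    ext = parts[1]
    if ext not in ALLOWED:
        return False, "extension not allowed", None
    mime, magics = ALLOWED[ext]
    # Content-Type is client-controlled: require agreement, never trust it alone.
    if declared_type != mime:
        return False, "declared type mismatch", None
    # Content must start with the signature of the claimed format.
    if not data.startswith(magics):
        return False, "content mismatch", None
    return True, "ok", f"{uuid.uuid4().hex}.{ext}"

# Constructed sample uploads (not taken from the fuxploider payloads directory).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = [
    ("cat.png", "image/png", PNG),
    (".htaccess", "text/plain", b"# constructed placeholder\n"),
    ("avatar.php.png", "image/png", PNG),
    ("drawing.png", "image/png", b"push graphic-context\n"),  # MVG text, not PNG
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        print(name, validate_upload(name, ctype, body)[:2])
```

A file can carry a valid image signature and still contain script code, so accepted files should also be stored under the generated name in a location the web server does not execute or interpret.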


Installation

You will need at least Python 3.6.

git clone https://github.com/almandin/fuxploider.git
cd fuxploider
pip3 install -r requirements.txt

For Docker installation:

# Build the docker image
docker build -t almandin/fuxploider .

Usage

To get a list of basic options and switches, use:

python3 fuxploider.py -h

Basic example:

python3 fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"

[!] legal disclaimer : Usage of fuxploider for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program


Source: https://github.com/almandin/fuxploider