Fuxploider – File Upload Vulnerability Scanner And Exploitation Tool
A local file upload flaw is a vulnerability where a web application permits an attacker to upload a wicked file straightly which is then performed. The tester can test this flaw by individually uploading all types of files with different extensions, but the manual approach takes more time. So Automated Tools can be used to fast up the process. Fuxploider tool is an automated tool that automates the testing and detection of File Upload Flaw. Fuxploider tool is developed in the Python Language and is available on the GitHub platform. As the Fuxploider tool is available on the GitHub platform, it’s free and open-source to use. Fuxploider tool is capable to detect the file types permitted to be uploaded and can detect which technique will work best to upload web shells or any payload file on the target web server.
Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux
Installation of Fuxploider Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/almandin/fuxploider.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
Step 3: You are in the directory of the Fuxploider. Now you have to install a dependency of the Fuxploider using the following command.
sudo pip3 install -r requirements.txt
Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
python3 fuxploider.py -h
Working with Fuxploider Tool on Kali Linux OS
Example/Usage: Basic example
python3 fuxploider.py –url https://ac851f8d1ebe5c4e80f5688f007500c6.web-security-academy.net/post?postId=4 –not-regex “Avatar file must be an image.”
In this example, we are testing the target domain for File Upload Vulnerability.
In the below screenshot, the tool is trying to test the extensions which are valid while uploading the files on the target domain.
In the below screenshot, tool will upload the all types of files and check the response code and message.
Please Login to comment...