Skip to content
File upload vulnerability scanner and exploitation tool.
Branch: master
Clone or download
Latest commit ca939e9 Feb 27, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
payloads New template: upload .htaccess Mar 20, 2018
.gitignore Initial commit Jul 14, 2017
Dockerfile Bump Dockerfile base image to python:3.6-alpine Oct 31, 2018 Use the official Markdown version of the GPLv3 Oct 30, 2018 Update Feb 27, 2019 cleanup Oct 30, 2018 Fixed the tuple error when executing payloads Jan 6, 2019
mimeTypes.advanced renamed file extensions files and add a 'most common extensions' file… Jul 23, 2017
mimeTypes.basic added mvg file type (used in imagetragick) Mar 21, 2018
requirements.txt added a requirements.txt and minor bug fix Aug 19, 2017
techniques.json changed version number Aug 20, 2017
templates.json New template: upload .htaccess Mar 20, 2018
user-agents.txt added the ability to mess with user-agent Oct 27, 2017


Python 3.6 License

Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.




You will need Python 3.6 at least.

git clone
cd fuxploider
pip3 install -r requirements.txt

For Docker installation

# Build the docker image
docker build -t almandin/fuxploider .


To get a list of basic options and switches use :

python3 -h

Basic example :

python3 --url --not-regex "wrong file type"

[!] legal disclaimer : Usage of fuxploider for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

You can’t perform that action at this time.