File upload vulnerability scanner and exploitation tool.
Latest commit ca939e9 Feb 27, 2019
| Name | Latest commit message | Commit time |
|---|---|---|
| payloads | New template: upload .htaccess | Mar 20, 2018 |
| .gitignore | Initial commit | Jul 14, 2017 |
| Dockerfile | Bump Dockerfile base image to python:3.6-alpine | Oct 31, 2018 |
| LICENSE.md | Use the official Markdown version of the GPLv3 | Oct 30, 2018 |
| README.md | Update README.md | Feb 27, 2019 |
| UploadForm.py | cleanup | Oct 30, 2018 |
| fuxploider.py | Fixed the tuple error when executing payloads | Jan 6, 2019 |
| mimeTypes.advanced | renamed file extensions files and add a 'most common extensions' file… | Jul 23, 2017 |
| mimeTypes.basic | added mvg file type (used in imagetragick) | Mar 21, 2018 |
| requirements.txt | added a requirements.txt and minor bug fix | Aug 19, 2017 |
| screenshot.png | | |
| techniques.json | changed version number | Aug 20, 2017 |
| templates.json | New template: upload .htaccess | Mar 20, 2018 |
| user-agents.txt | added the ability to mess with user-agent | Oct 27, 2017 |
| utils.py | | |

README.md

fuxploider


Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting flaws in file upload forms. It detects which file types a form allows to be uploaded and which technique will work best to upload web shells or any malicious file to the desired web server.

Screenshots

[Image: screenshot.png]

Installation

You will need at least Python 3.6.

git clone https://github.com/almandin/fuxploider.git
cd fuxploider
pip3 install -r requirements.txt

For a Docker installation:

# Build the docker image
docker build -t almandin/fuxploider .

Usage

To get a list of basic options and switches, use:

python3 fuxploider.py -h

Basic example:

python3 fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"

[!] Legal disclaimer: Usage of fuxploider for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
